
Windows Analysis Report
snake-cleaned_reversed.bak2.exe

Overview

General Information

Sample name: snake-cleaned_reversed.bak2.exe
Analysis ID: 1502489
MD5: d9024afbd347d3060b6453cce8e4c1b2
SHA1: 8aab1be02f58ca85b66ba5b9612f8d1c7b32a71b
SHA256: beee778a6c1026b84bd49e6a9e6554f59b4c51c1f31dd79b615a918a0ffba0a5

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for sample
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger with many capabilities. The infostealer can steal a victim's sensitive information, log keystrokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Blogpost URLs: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
No configs have been found
Source | Rule | Description | Author
snake-cleaned_reversed.bak2.exe | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
snake-cleaned_reversed.bak2.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
snake-cleaned_reversed.bak2.exe | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
snake-cleaned_reversed.bak2.exe | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  Strings:
  • 0x142d3:$a1: get_encryptedPassword
  • 0x145bf:$a2: get_encryptedUsername
  • 0x140cb:$a3: get_timePasswordChanged
  • 0x141da:$a4: get_passwordField
  • 0x142e9:$a5: set_encryptedPassword
  • 0x1591f:$a7: get_logins
  • 0x15882:$a10: KeyLoggerEventArgs
  • 0x154c3:$a11: KeyLoggerEventArgsEventHandler
snake-cleaned_reversed.bak2.exe | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  Strings:
  • 0x1a1a6:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x193d8:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x1980b:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1a84a:$a5: \Kometa\User Data\Default\Login Data
(1 further entry not shown)
Source | Rule | Description | Author
00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  Strings:
  • 0x140d3:$a1: get_encryptedPassword
  • 0x143bf:$a2: get_encryptedUsername
  • 0x13ecb:$a3: get_timePasswordChanged
  • 0x13fda:$a4: get_passwordField
  • 0x140e9:$a5: set_encryptedPassword
  • 0x1571f:$a7: get_logins
  • 0x15682:$a10: KeyLoggerEventArgs
  • 0x152c3:$a11: KeyLoggerEventArgsEventHandler
00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  Strings:
  • 0x175f0:$x1: $%SMTPDV$
  • 0x15fd4:$x2: $#TheHashHere%&
  • 0x17598:$x3: %FTPDV$
  • 0x15f74:$x4: $%TelegramDv$
  • 0x152c3:$x5: KeyLoggerEventArgs
  • 0x15682:$x5: KeyLoggerEventArgs
  • 0x175bc:$m2: Clipboard Logs ID
  • 0x177fa:$m2: Screenshot Logs ID
  • 0x1790a:$m2: keystroke Logs ID
  • 0x17be4:$m3: SnakePW
  • 0x177d2:$m4: \SnakeKeylogger\
00000000.00000002.4101712670.0000000003274000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
(5 further entries not shown)
Source | Rule | Description | Author
0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  Strings:
  • 0x142d3:$a1: get_encryptedPassword
  • 0x145bf:$a2: get_encryptedUsername
  • 0x140cb:$a3: get_timePasswordChanged
  • 0x141da:$a4: get_passwordField
  • 0x142e9:$a5: set_encryptedPassword
  • 0x1591f:$a7: get_logins
  • 0x15882:$a10: KeyLoggerEventArgs
  • 0x154c3:$a11: KeyLoggerEventArgsEventHandler
0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  Strings:
  • 0x1a1a6:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x193d8:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x1980b:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1a84a:$a5: \Kometa\User Data\Default\Login Data
(1 further entry not shown)
No Sigma rule has matched

Suricata alerts:

Timestamp | SID | Severity | Source Port | Destination Port | Protocol | Classtype
2024-09-01T22:22:23.257905+0200 | 2803305 | 3 | 49740 | 443 | TCP | Unknown Traffic
2024-09-01T22:22:16.840312+0200 | 2803274 | 2 | 49733 | 80 | TCP | Potentially Bad Traffic
2024-09-01T22:22:21.413924+0200 | 2803305 | 3 | 49738 | 443 | TCP | Unknown Traffic
2024-09-01T22:22:14.512187+0200 | 2803274 | 2 | 49730 | 80 | TCP | Potentially Bad Traffic
2024-09-01T22:22:15.637217+0200 | 2803274 | 2 | 49730 | 80 | TCP | Potentially Bad Traffic
2024-09-01T22:22:16.212453+0200 | 2803305 | 3 | 49732 | 443 | TCP | Unknown Traffic

                    AV Detection

Source: snake-cleaned_reversed.bak2.exe | Avira: detected
Source: snake-cleaned_reversed.bak2.exe | Virustotal: Detection: 64%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: snake-cleaned_reversed.bak2.exe | Joe Sandbox ML: detected

                    Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: snake-cleaned_reversed.bak2.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: snake-cleaned_reversed.bak2.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Networking

Source: Yara match | File source: snake-cleaned_reversed.bak2.exe, type: SAMPLE
Source: Yara match | File source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPE
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | IP Address: 158.101.44.242
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 158.101.44.242:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49730 -> 158.101.44.242:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49732 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49740 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49738 -> 188.114.96.3:443
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.comd
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003238000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003151000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000030A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003238000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/d
Source: snake-cleaned_reversed.bak2.exe | String found in binary or memory: http://checkip.dyndns.org/q
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.orgd
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003186000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003186000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.orgd
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000030A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: snake-cleaned_reversed.bak2.exe | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49731 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: snake-cleaned_reversed.bak2.exe, Class6.cs | .Net Code: VKCodeToUnicode

                    System Summary

                    Source: snake-cleaned_reversed.bak2.exe, type: SAMPLEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: snake-cleaned_reversed.bak2.exe, type: SAMPLEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: snake-cleaned_reversed.bak2.exe, type: SAMPLEMatched rule: Detects Snake Keylogger Author: ditekSHen
                    Source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                    Source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                    Source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                    Source: Process Memory Space: snake-cleaned_reversed.bak2.exe PID: 7568, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                    Source: Process Memory Space: snake-cleaned_reversed.bak2.exe PID: 7568, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeProcess Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016C6040
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CC080
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CC34A
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016C9470
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016C6668
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CB660
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CC610
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016C49BF
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CF8C0
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CC8D8
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CBAF2
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CBDB8
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CECD7
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CE2A0
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CE290
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016C34B2
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_016CB82A
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D17614
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D19498
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1B5B8
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1A528
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D10040
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1B038
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D17118
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D19FA0
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D18F18
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D16D30
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1AAB0
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D19A18
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D18990
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D17709
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1948A
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D145F8
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D15598
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1B5A8
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D12540
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D16560
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1A518
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D13500
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1B027
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D141E8
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D151B0
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D16178
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1616C
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D17108
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D19F90
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D18F08
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D14DC8
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D15D90
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1AAA8
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D19A08
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D11A20
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D12880
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D149E0
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D15980
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D16948
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Code function: 0_2_06D1897F
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4100863064.0000000000F87000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs snake-cleaned_reversed.bak2.exe
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs snake-cleaned_reversed.bak2.exe
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4100930434.000000000106E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs snake-cleaned_reversed.bak2.exe
Source: snake-cleaned_reversed.bak2.exe | Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs snake-cleaned_reversed.bak2.exe
Source: snake-cleaned_reversed.bak2.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: snake-cleaned_reversed.bak2.exe, type: SAMPLE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: snake-cleaned_reversed.bak2.exe, type: SAMPLE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: snake-cleaned_reversed.bak2.exe, type: SAMPLE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: snake-cleaned_reversed.bak2.exe PID: 7568, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: snake-cleaned_reversed.bak2.exe PID: 7568, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: snake-cleaned_reversed.bak2.exe, RecoverPasswords.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: snake-cleaned_reversed.bak2.exe, Class6.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@2/2
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Mutant created: NULL
Source: snake-cleaned_reversed.bak2.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: snake-cleaned_reversed.bak2.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003304000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000032F6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: snake-cleaned_reversed.bak2.exe | Virustotal: Detection: 64%
Source: snake-cleaned_reversed.bak2.exe | String found in binary or memory: F-Stopw
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: rasman.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: snake-cleaned_reversed.bak2.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: snake-cleaned_reversed.bak2.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Memory allocated: 16C0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Memory allocated: 30A0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Memory allocated: 50A0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 599891
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 599782
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 599657
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 599547
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 599438
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 599313
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 599188
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 599063
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 598938
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 598828
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 598719
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 598594
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 598483
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 598375
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 598266
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 598156
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 598044
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 597938
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 597813
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 597688
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 597575
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 597426
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 597281
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 597172
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 597063
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 596938
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 596828
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 596719
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 596594
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 596485
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 596360
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 596235
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 596110
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 595985
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 595860
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 595735
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 595610
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 595485
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 595360
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 595235
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 595110
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 594938
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 594813
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 594682
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 594577
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 594469
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 594344
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 594235
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Thread delayed: delay time: 594110
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Window / User API: threadDelayed 1607
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Window / User API: threadDelayed 8222
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664 | Thread sleep count: 33 > 30
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664 | Thread sleep time: -30437127721620741s >= -30000s
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664 | Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7668 | Thread sleep count: 1607 > 30
Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664 | Thread sleep time: -599891s >= -30000s
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7668Thread sleep count: 8222 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -599782s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -599657s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -599547s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -599438s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -599313s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -599188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -599063s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -598938s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -598828s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -598719s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -598594s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -598483s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -598375s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -598266s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -598156s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -598044s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -597938s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -597813s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -597688s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -597575s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -597426s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -597281s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -597172s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -597063s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -596938s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -596828s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -596719s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -596594s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -596485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -596360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -596235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -596110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -595985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -595860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -595735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -595610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -595485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -595360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -595235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -595110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -594938s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -594813s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -594682s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -594577s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -594469s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -594344s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -594235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe TID: 7664Thread sleep time: -594110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 599891Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 599782Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 599657Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 599547Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 599438Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 599313Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 599188Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 599063Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 598938Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 598828Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 598719Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 598594Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 598483Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 598375Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 598266Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 598156Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 598044Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 597938Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 597813Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 597688Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 597575Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 597426Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 597281Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 597172Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 597063Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 596938Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 596828Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 596719Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 596594Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 596485Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 596360Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 596235Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 596110Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 595985Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 595860Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 595735Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 595610Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 595485Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 595360Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 595235Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 595110Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 594938Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 594813Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 594682Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 594577Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 594469Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 594344Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 594235Jump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeThread delayed: delay time: 594110Jump to behavior
                    Source: snake-cleaned_reversed.bak2.exe, 00000000.00000002.4100930434.00000000010A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: snake-cleaned_reversed.bak2.exe, Class9.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(intptr_1, string_0), typeof(T))
                    Source: snake-cleaned_reversed.bak2.exe, Class9.cs | Reference to suspicious API methods: list_0.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                    Source: snake-cleaned_reversed.bak2.exe, Class6.cs | Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Queries volume information: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe VolumeInformation
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match | File source: snake-cleaned_reversed.bak2.exe, type: SAMPLE
                    Source: Yara match | File source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.4101712670.0000000003274000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.4101712670.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: snake-cleaned_reversed.bak2.exe PID: 7568, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                    Source: C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: Yara match | File source: snake-cleaned_reversed.bak2.exe, type: SAMPLE
                    Source: Yara match | File source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: snake-cleaned_reversed.bak2.exe PID: 7568, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match | File source: snake-cleaned_reversed.bak2.exe, type: SAMPLE
                    Source: Yara match | File source: 0.0.snake-cleaned_reversed.bak2.exe.bd0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.4101712670.0000000003274000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.4101712670.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: snake-cleaned_reversed.bak2.exe PID: 7568, type: MEMORYSTR
                    MITRE ATT&CK Matrix (one row per line; a number before a technique name is the count of signatures in this report that map to it)

                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 31 Virtualization/Sandbox Evasion | 1 Input Capture | 1 Security Software Discovery | Remote Desktop Protocol | 1 Input Capture | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 11 Archive Collected Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Data from Local System | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

                    Source | Detection | Scanner | Label
                    snake-cleaned_reversed.bak2.exe | 65% | Virustotal |
                    snake-cleaned_reversed.bak2.exe | 100% | Avira | TR/ATRAPS.Gen
                    snake-cleaned_reversed.bak2.exe | 100% | Joe Sandbox ML |
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label
                    reallyfreegeoip.org | 0% | Virustotal |
                    checkip.dyndns.com | 0% | Virustotal |
                    checkip.dyndns.org | 0% | Virustotal |
                    Source | Detection | Scanner | Label
                    http://checkip.dyndns.org/ | 0% | URL Reputation | safe
                    https://reallyfreegeoip.org/xml/8.46.123.33$ | 0% | URL Reputation | safe
                    http://checkip.dyndns.org/q | 0% | URL Reputation | safe
                    http://reallyfreegeoip.org | 0% | URL Reputation | safe
                    http://reallyfreegeoip.org | 0% | URL Reputation | safe
                    https://reallyfreegeoip.org | 0% | URL Reputation | safe
                    http://checkip.dyndns.org | 0% | URL Reputation | safe
                    http://checkip.dyndns.com | 0% | URL Reputation | safe
                    https://reallyfreegeoip.org/xml/8.46.123.33 | 0% | URL Reputation | safe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                    https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe
                    https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe
                    http://checkip.dyndns.orgd | 0% | Avira URL Cloud | safe
                    http://checkip.dyndns.comd | 0% | Avira URL Cloud | safe
                    http://reallyfreegeoip.orgd | 0% | Avira URL Cloud | safe
                    http://checkip.dyndns.org/d | 0% | Avira URL Cloud | safe
                    http://checkip.dyndns.org/d | 0% | Virustotal |
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown
                    checkip.dyndns.com | 158.101.44.242 | true | false | | unknown
                    checkip.dyndns.org | unknown | unknown | true | | unknown
                    Name | Malicious | Antivirus Detection | Reputation
                    http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
                    https://reallyfreegeoip.org/xml/8.46.123.33 | false | URL Reputation: safe | unknown
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://checkip.dyndns.comd | snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://reallyfreegeoip.org/xml/8.46.123.33$ | snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://checkip.dyndns.org/q | snake-cleaned_reversed.bak2.exe | false | URL Reputation: safe | unknown
                    http://reallyfreegeoip.orgd | snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003186000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://reallyfreegeoip.org | snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003186000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe; URL Reputation: safe | unknown
                    http://checkip.dyndns.orgd | snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://reallyfreegeoip.org | snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://checkip.dyndns.org | snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003238000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003151000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmp | false
                    • URL Reputation: safe
                    unknown
                    http://checkip.dyndns.comsnake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003257000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    http://checkip.dyndns.org/dsnake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003238000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000321C000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003201000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000316E000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.0000000003266000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000031B1000.00000004.00000800.00020000.00000000.sdmp, snake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.000000000322A000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namesnake-cleaned_reversed.bak2.exe, 00000000.00000002.4101712670.00000000030A1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://reallyfreegeoip.org/xml/snake-cleaned_reversed.bak2.exefalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    unknown
IP | Domain | Country | ASN | ASN Name | Malicious
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1502489
                    Start date and time:2024-09-01 22:21:23 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 26s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:6
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:snake-cleaned_reversed.bak2.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@1/0@2/2
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 103
                    • Number of non-executed functions: 20
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target snake-cleaned_reversed.bak2.exe, PID 7568 because it is empty
• Not all processes were analyzed, report is missing behavior information
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
16:22:14 | API Interceptor | 12315460x Sleep call for process: snake-cleaned_reversed.bak2.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
188.114.96.3 | firmware.i586.elf | malicious | Unknown | 188.114.96.3/
188.114.96.3 | firmware.i686.elf | malicious | Unknown | 188.114.96.3/
188.114.96.3 | play.exe | malicious | FormBook | www.x0x9x8x8x7x6.shop/ps9q/
188.114.96.3 | BankPaymAdviceVend.Report.docx | malicious | Unknown | tt.vg/BVhaS
188.114.96.3 | ORDER_pdf.exe | malicious | FormBook | www.begumnasreenbano.com/e8by/
188.114.96.3 | estado de cuenta adjunto.exe | malicious | FormBook | www.coinwab.com/kqqj/
188.114.96.3 | Fordybendes.exe | malicious | Azorult, GuLoader | d4hk.shop/DL341/index.php
188.114.96.3 | ORDER_38746_pdf.exe | malicious | FormBook | www.begumnasreenbano.com/e8by/
188.114.96.3 | QUOTATION_AUGQTRA071244#U00b7PDF.scr | malicious | Unknown | filetransfer.io/data-package/zbi9vNYx/download
188.114.96.3 | QUOTATION_AUGQTRA071244PDF.scr.exe | malicious | Snake Keylogger, VIP Keylogger | filetransfer.io/data-package/kDY6Kvx6/download
158.101.44.242 | librewolf-124.0.2-1-windows-x86_64-setup.exe | malicious | Agent Tesla, AgentTesla, HTMLPhisher | checkip.dyndns.org/
158.101.44.242 | Scan000406860.exe | malicious | Snake Keylogger | checkip.dyndns.org/
158.101.44.242 | doc1.exe | malicious | Clipboard Hijacker, Snake Keylogger | checkip.dyndns.org/
158.101.44.242 | Nakliye belgeleri.bat.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
158.101.44.242 | SOA-Al Daleel -Star Electromechanical.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
158.101.44.242 | GP Design INV20230103 $68,320.exe | malicious | Unknown | checkip.dyndns.org/
158.101.44.242 | GP Design INV20230103 $68,320.exe | malicious | Unknown | checkip.dyndns.org/
158.101.44.242 | QUOTATION_AUGQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
158.101.44.242 | 7z.exe | malicious | Agent Tesla, AgentTesla | checkip.dyndns.org/
158.101.44.242 | lYL8naoHXw.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | checkip.dyndns.org/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
reallyfreegeoip.org | snake.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | snake.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | snake.mal.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | snake.mal.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | LEK1JCI81P.exe | malicious | RedLine, Snake Keylogger, StormKitty, SugarDump, VIP Keylogger, XWorm | 188.114.96.3
reallyfreegeoip.org | Invoice-2238562.pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
reallyfreegeoip.org | INQUIRY.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
reallyfreegeoip.org | QUOTATION_AUGQTRA071244#U00faPDF.scr.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
reallyfreegeoip.org | SWIFT COPIES.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 188.114.97.3
reallyfreegeoip.org | Nettably.exe | malicious | Snake Keylogger | 188.114.97.3
checkip.dyndns.com | Overwatch-Installer.exe | malicious | Agent Tesla, AgentTesla | 193.122.6.168
checkip.dyndns.com | snake.exe | malicious | Snake Keylogger | 132.226.247.73
checkip.dyndns.com | snake.exe | malicious | Snake Keylogger | 193.122.6.168
checkip.dyndns.com | NordVPNInstaller.exe | malicious | Agent Tesla, AgentTesla | 132.226.247.73
checkip.dyndns.com | librewolf-124.0.2-1-windows-x86_64-setup.exe | malicious | Agent Tesla, AgentTesla, HTMLPhisher | 158.101.44.242
checkip.dyndns.com | snake.mal.exe | malicious | Snake Keylogger | 193.122.130.0
checkip.dyndns.com | snake.mal.exe | malicious | Snake Keylogger | 193.122.6.168
checkip.dyndns.com | LEK1JCI81P.exe | malicious | RedLine, Snake Keylogger, StormKitty, SugarDump, VIP Keylogger, XWorm | 193.122.6.168
checkip.dyndns.com | Invoice-2238562.pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.8.169
checkip.dyndns.com | INQUIRY.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.6.168
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | snake.exe | malicious | Snake Keylogger | 188.114.97.3
CLOUDFLARENETUS | snake.exe | malicious | Snake Keylogger | 188.114.97.3
CLOUDFLARENETUS | librewolf-124.0.2-1-windows-x86_64-setup.exe | malicious | Agent Tesla, AgentTesla, HTMLPhisher | 172.67.157.127
CLOUDFLARENETUS | file.exe | malicious | Unknown | 172.64.41.3
CLOUDFLARENETUS | file.exe | malicious | Unknown | 172.64.41.3
CLOUDFLARENETUS | 4.7.exe | malicious | Unknown | 162.159.128.233
CLOUDFLARENETUS | file.exe | malicious | Amadey, Stealc | 172.64.41.3
CLOUDFLARENETUS | stub.exe | malicious | Stealerium | 162.159.136.232
CLOUDFLARENETUS | firmware.mipsel.elf | malicious | Unknown | 104.30.194.47
CLOUDFLARENETUS | file.exe | malicious | Amadey, Stealc, Vidar | 172.64.41.3
ORACLE-BMC-31898US | Overwatch-Installer.exe | malicious | Agent Tesla, AgentTesla | 193.122.6.168
ORACLE-BMC-31898US | snake.exe | malicious | Snake Keylogger | 193.122.6.168
ORACLE-BMC-31898US | librewolf-124.0.2-1-windows-x86_64-setup.exe | malicious | Agent Tesla, AgentTesla, HTMLPhisher | 158.101.44.242
ORACLE-BMC-31898US | snake.mal.exe | malicious | Snake Keylogger | 193.122.130.0
ORACLE-BMC-31898US | snake.mal.exe | malicious | Snake Keylogger | 193.122.6.168
ORACLE-BMC-31898US | LEK1JCI81P.exe | malicious | RedLine, Snake Keylogger, StormKitty, SugarDump, VIP Keylogger, XWorm | 193.122.6.168
ORACLE-BMC-31898US | https://indd.adobe.com/view/30080812-36e9-4257-a76c-64b9db55c4c1 | malicious | HTMLPhisher | 147.154.52.189
ORACLE-BMC-31898US | INQUIRY.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.6.168
ORACLE-BMC-31898US | SWIFT COPIES.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 193.122.130.0
ORACLE-BMC-31898US | Nettably.exe | malicious | Snake Keylogger | 193.122.6.168
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | snake.exe | malicious | Snake Keylogger | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | snake.exe | malicious | Snake Keylogger | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | PDF.exe | malicious | XWorm | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | stub.exe | malicious | Stealerium | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | snake.mal.exe | malicious | Snake Keylogger | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | snake.mal.exe | malicious | Snake Keylogger | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | jFzg3KFP48.exe | malicious | Unknown | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | BsMXrWBfhT.exe | malicious | Unknown | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | BsMXrWBfhT.exe | malicious | Unknown | 188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e | n0PDCyrFnf.exe | malicious | PureLog Stealer | 188.114.96.3
                    No context
                    No created / dropped files found
                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):5.678664371323745
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    • Win32 Executable (generic) a (10002005/4) 49.75%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Windows Screen Saver (13104/52) 0.07%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    File name:snake-cleaned_reversed.bak2.exe
                    File size:124'928 bytes
                    MD5:d9024afbd347d3060b6453cce8e4c1b2
                    SHA1:8aab1be02f58ca85b66ba5b9612f8d1c7b32a71b
                    SHA256:beee778a6c1026b84bd49e6a9e6554f59b4c51c1f31dd79b615a918a0ffba0a5
                    SHA512:d0c65e9240f1d2e9db7dd4401efe33371fc281eb7789f6e460f938d37f5836dd3a739cfebe6a767a18cb3f7e065dcfa69953be49d7dfb1dc6559b5c5e5db27d6
                    SSDEEP:3072:HtwGTQ/1mQXVsuFeMnUkEVy5OG0paPboLeVbT7rrXc51GGEjqZuAWbDVmWLwvcX6:SGTQ/1mQFsuFeMnUkEVy5OG0pqZ7rrXt
                    TLSH:02C3189837F48400E5FEA97226B15264C671F8170A36DF4E5AD1B46A2E7DBC08D13FA3
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P..f..............P.................. ........@.. .......................@............`................................
                    Icon Hash:90cececece8e8eb0
                    Entrypoint:0x41f0ae
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x66908250 [Fri Jul 12 01:09:36 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                    Instruction
                    jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1f060 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x20000 | 0x108f | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x22000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x1d0b4 | 0x1d200 | df14157493b93ec99dbeca8de5c40a71 | False | 0.3310672612660944 | data | 5.690524413409393 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x20000 | 0x108f | 0x1200 | fdd1dfc0f0d847e552b8285650728efd | False | 0.3665364583333333 | data | 4.867933328765419 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x22000 | 0xc | 0x200 | d155099c52250fa5672e981d4bcdb527 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x200a0 | 0x394 | OpenPGP Secret Key | | | 0.42358078602620086
RT_MANIFEST | 0x20434 | 0xc5b | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.3926651912741069
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
2024-09-01T22:22:23.257905+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 49740 | 443 | 192.168.2.4 | 188.114.96.3
2024-09-01T22:22:16.840312+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49733 | 80 | 192.168.2.4 | 158.101.44.242
2024-09-01T22:22:21.413924+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 49738 | 443 | 192.168.2.4 | 188.114.96.3
2024-09-01T22:22:14.512187+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49730 | 80 | 192.168.2.4 | 158.101.44.242
2024-09-01T22:22:15.637217+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 49730 | 80 | 192.168.2.4 | 158.101.44.242
2024-09-01T22:22:16.212453+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 49732 | 443 | 192.168.2.4 | 188.114.96.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Sep 1, 2024 22:22:20.197467089 CEST4973780192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:20.201836109 CEST8049735158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:20.201903105 CEST4973580192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:20.202351093 CEST8049737158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:20.202418089 CEST4973780192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:20.202510118 CEST4973780192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:20.213762999 CEST8049737158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:20.799765110 CEST8049737158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:20.816431999 CEST49738443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:20.816489935 CEST44349738188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:20.816546917 CEST49738443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:20.820086956 CEST49738443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:20.820105076 CEST44349738188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:20.840322971 CEST4973780192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:21.284929991 CEST44349738188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:21.286539078 CEST49738443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:21.286556959 CEST44349738188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:21.413923025 CEST44349738188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:21.413990974 CEST44349738188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:21.414048910 CEST49738443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:21.414391994 CEST49738443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:21.417439938 CEST4973780192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:21.418613911 CEST4973980192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:21.422454119 CEST8049737158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:21.422507048 CEST4973780192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:21.423376083 CEST8049739158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:21.423439026 CEST4973980192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:21.423533916 CEST4973980192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:21.428334951 CEST8049739158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:22.673691034 CEST8049739158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:22.675019026 CEST49740443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:22.675050974 CEST44349740188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:22.675127983 CEST49740443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:22.675472975 CEST49740443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:22.675487995 CEST44349740188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:22.715328932 CEST4973980192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:23.112226009 CEST44349740188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:23.113754988 CEST49740443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:23.113768101 CEST44349740188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:23.257896900 CEST44349740188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:23.257956982 CEST44349740188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:23.258008957 CEST49740443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:23.258738041 CEST49740443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:23.264090061 CEST4973980192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:23.269246101 CEST8049739158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:23.269316912 CEST4973980192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:23.342683077 CEST4974180192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:23.505888939 CEST8049741158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:23.505958080 CEST4974180192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:23.506093025 CEST4974180192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:23.510828018 CEST8049741158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:24.065574884 CEST8049741158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:24.066966057 CEST49742443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:24.067039967 CEST44349742188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:24.067154884 CEST49742443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:24.067404032 CEST49742443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:24.067439079 CEST44349742188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:24.121620893 CEST4974180192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:24.502499104 CEST44349742188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:24.503983021 CEST49742443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:24.504025936 CEST44349742188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:24.632407904 CEST44349742188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:24.632500887 CEST44349742188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:24.632607937 CEST49742443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:24.632998943 CEST49742443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:24.636039019 CEST4974180192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:24.637012959 CEST4974380192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:24.641098976 CEST8049741158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:24.641170025 CEST4974180192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:24.641926050 CEST8049743158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:24.641997099 CEST4974380192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:24.642076969 CEST4974380192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:24.646812916 CEST8049743158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:25.181015968 CEST8049743158.101.44.242192.168.2.4
                    Sep 1, 2024 22:22:25.182593107 CEST49744443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:25.182626009 CEST44349744188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:25.182708025 CEST49744443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:25.183115959 CEST49744443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:25.183131933 CEST44349744188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:25.230962038 CEST4974380192.168.2.4158.101.44.242
                    Sep 1, 2024 22:22:25.625884056 CEST44349744188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:25.627449989 CEST49744443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:25.627469063 CEST44349744188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:25.772911072 CEST44349744188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:25.772985935 CEST44349744188.114.96.3192.168.2.4
                    Sep 1, 2024 22:22:25.773102999 CEST49744443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:22:25.773757935 CEST49744443192.168.2.4188.114.96.3
                    Sep 1, 2024 22:23:21.796648026 CEST8049733158.101.44.242192.168.2.4
                    Sep 1, 2024 22:23:21.796730042 CEST4973380192.168.2.4158.101.44.242
                    Sep 1, 2024 22:23:30.181750059 CEST8049743158.101.44.242192.168.2.4
                    Sep 1, 2024 22:23:30.181830883 CEST4974380192.168.2.4158.101.44.242
                    Sep 1, 2024 22:24:05.185708046 CEST4974380192.168.2.4158.101.44.242
                    Sep 1, 2024 22:24:05.190606117 CEST8049743158.101.44.242192.168.2.4
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Sep 1, 2024 22:22:13.408034086 CEST | 56784 | 53 | 192.168.2.4 | 1.1.1.1
                    Sep 1, 2024 22:22:13.415476084 CEST | 53 | 56784 | 1.1.1.1 | 192.168.2.4
                    Sep 1, 2024 22:22:14.493576050 CEST | 60859 | 53 | 192.168.2.4 | 1.1.1.1
                    Sep 1, 2024 22:22:14.503979921 CEST | 53 | 60859 | 1.1.1.1 | 192.168.2.4
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Sep 1, 2024 22:22:13.408034086 CEST | 192.168.2.4 | 1.1.1.1 | 0xbea9 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
                    Sep 1, 2024 22:22:14.493576050 CEST | 192.168.2.4 | 1.1.1.1 | 0xbdea | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Sep 1, 2024 22:22:13.415476084 CEST | 1.1.1.1 | 192.168.2.4 | 0xbea9 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Sep 1, 2024 22:22:13.415476084 CEST | 1.1.1.1 | 192.168.2.4 | 0xbea9 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
                    Sep 1, 2024 22:22:13.415476084 CEST | 1.1.1.1 | 192.168.2.4 | 0xbea9 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
                    Sep 1, 2024 22:22:13.415476084 CEST | 1.1.1.1 | 192.168.2.4 | 0xbea9 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
                    Sep 1, 2024 22:22:13.415476084 CEST | 1.1.1.1 | 192.168.2.4 | 0xbea9 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
                    Sep 1, 2024 22:22:13.415476084 CEST | 1.1.1.1 | 192.168.2.4 | 0xbea9 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
                    Sep 1, 2024 22:22:14.503979921 CEST | 1.1.1.1 | 192.168.2.4 | 0xbdea | No error (0) | reallyfreegeoip.org |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                    Sep 1, 2024 22:22:14.503979921 CEST | 1.1.1.1 | 192.168.2.4 | 0xbdea | No error (0) | reallyfreegeoip.org |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                    • reallyfreegeoip.org
                    • checkip.dyndns.org
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49730 | 158.101.44.242 | 80 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 1, 2024 22:22:13.425721884 CEST | 151 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Sep 1, 2024 22:22:14.240117073 CEST | 320 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:14 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 0d4ea0ebbdd9575cb0cd150f8df66b0b
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Sep 1, 2024 22:22:14.243712902 CEST | 127 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Sep 1, 2024 22:22:14.457158089 CEST | 320 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:14 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 27b5d08f44d41ddb930f81b209047155
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Sep 1, 2024 22:22:15.442697048 CEST | 127 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Sep 1, 2024 22:22:15.596834898 CEST | 320 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:15 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: c5b72276afac58a8733dfb723373fb9f
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.4 | 49733 | 158.101.44.242 | 80 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 1, 2024 22:22:16.224962950 CEST | 127 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Sep 1, 2024 22:22:16.799360991 CEST | 320 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:16 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: c887f5f7b8606a19388aafa1757d2e7e
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.4 | 49735 | 158.101.44.242 | 80 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 1, 2024 22:22:17.553323984 CEST | 151 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Sep 1, 2024 22:22:19.561788082 CEST | 320 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:19 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 005529271ab315497df2fd7b742daeca
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.4 | 49737 | 158.101.44.242 | 80 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 1, 2024 22:22:20.202510118 CEST | 151 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Sep 1, 2024 22:22:20.799765110 CEST | 320 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:20 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 5d1a57bd1c8c1038d97e3b77bcf65eee
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.4 | 49739 | 158.101.44.242 | 80 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 1, 2024 22:22:21.423533916 CEST | 151 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Sep 1, 2024 22:22:22.673691034 CEST | 320 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:22 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: d99c226c4ba4803fd523abcdc5b7ce7f
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.4 | 49741 | 158.101.44.242 | 80 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 1, 2024 22:22:23.506093025 CEST | 151 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Sep 1, 2024 22:22:24.065574884 CEST | 320 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:23 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 357fe16facf6345c298eb42a83288ea0
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.4 | 49743 | 158.101.44.242 | 80 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Sep 1, 2024 22:22:24.642076969 CEST | 151 | OUT | GET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Sep 1, 2024 22:22:25.181015968 CEST | 320 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:25 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: f5e3b455401a55cca890277356f61f4c
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-09-01 20:22:15 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-09-01 20:22:15 UTC | 710 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:15 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 31635
                    Last-Modified: Sun, 01 Sep 2024 11:35:00 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SCfY163eAVkKZtz2fcrjTNUtAFu1A9de3kJlv652b5T%2Fm5n%2BeKgcKMGu2Fnx0wS0H3I6mnH5X5%2FO0ymei44BK96CZcSiTeSL%2FYmnpUNZuurd92SRlOuSojzygezx6A%2BBTkosnzLB"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8bc7f8a97e7441c6-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-09-01 20:22:15 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-09-01 20:22:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-09-01 20:22:16 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    2024-09-01 20:22:16 UTC | 704 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:16 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 31636
                    Last-Modified: Sun, 01 Sep 2024 11:35:00 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o8YNiIcJYw7bE88fsf%2B9WMhojJFIWZnuf344T73kLXQENMRkZffvpGgRxqWSpijfBSiRnRbxCxUVbWoyl26W8vntDrKF07fypE%2BmrctCdOSHYy8CVsvByMyPYlCrX7EJuWyjQQoZ"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8bc7f8aed85e0f42-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-09-01 20:22:16 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-09-01 20:22:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.4 | 49734 | 188.114.96.3 | 443 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-09-01 20:22:17 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-09-01 20:22:17 UTC | 706 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:17 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 31637
                    Last-Modified: Sun, 01 Sep 2024 11:35:00 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPyQDPUpGqnsdA%2BRByrjs40qLpl4wmnrizA7wlHN4%2FnVTUiCdpMbB4VxmweoyJxg5ArxHBQ5eiaZAUZXbyeJf50ChLlJoV%2B0xHOCyzzsNq63YE48aUffe4XpW18lK58Nhb5Xqwet"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8bc7f8b738f97291-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-09-01 20:22:17 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-09-01 20:22:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-09-01 20:22:20 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-09-01 20:22:20 UTC | 714 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:20 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 31640
                    Last-Modified: Sun, 01 Sep 2024 11:35:00 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1mGNcle68vpWaEu7oquZPK8zRlaSJ34OWog%2FQfDXCZTI00c4FR36wvtdFIjB6ryOL1%2Fyo3do9s%2Blq8dhUvhtYHOtY%2BbX7k6qVzDy%2FDL7Li%2F7Mn4jSVeBEcFoxE5XDiNufMP%2BQhqj"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8bc7f8c7dbd88c5f-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-09-01 20:22:20 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-09-01 20:22:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.4 | 49738 | 188.114.96.3 | 443 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-09-01 20:22:21 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    2024-09-01 20:22:21 UTC | 704 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:21 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 31641
                    Last-Modified: Sun, 01 Sep 2024 11:35:00 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DxySA0JMCOOEbHIbEOKolrnhJd5U5PoOy%2B82iqKPjiCxEwqRAOyrfR8euQyWAQhhspil6VloO2ZpEf8kz3rVP%2Ba64GHnmQuS8rPR7nCEd7FReS5QAjNZx0OhcuBmtgZVPyP7CGow"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8bc7f8cf7bd218b4-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-09-01 20:22:21 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-09-01 20:22:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-09-01 20:22:23 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    2024-09-01 20:22:23 UTC | 716 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:23 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 31643
                    Last-Modified: Sun, 01 Sep 2024 11:35:00 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ouv%2BN9gP8iIZRAWa2o3GJpi%2BUKn%2B9MJxfAbm7P6YKjTdzdBK5Vl%2FTyquI1M%2BHbmkpoi%2BoXKT8OU2UqwGlOaoa59UASyt66BnFUI7ICNp%2F5B2WJZcnnDIfjHomjwmDKkG%2F8wIxFK8"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8bc7f8dafbc30f5d-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-09-01 20:22:23 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-09-01 20:22:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.4 | 49742 | 188.114.96.3 | 443 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-09-01 20:22:24 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-09-01 20:22:24 UTC | 702 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:24 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 31644
                    Last-Modified: Sun, 01 Sep 2024 11:35:00 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exQVB8lLT9KTKpqGWi1rEPFdmVMPiDF6sEtpFIVvKT54bux4uOsxVuGnii4rwFXwvXu8ABnRJ630328aDzZ2uWevAlwTDm4oa7MaucEL8sZjeTh70aEc%2B9VsynJC8A1fjM7kMzHI"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8bc7f8e39c8a42d5-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-09-01 20:22:24 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-09-01 20:22:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.4 | 49744 | 188.114.96.3 | 443 | 7568 | C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-09-01 20:22:25 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-09-01 20:22:25 UTC | 708 | IN | HTTP/1.1 200 OK
                    Date: Sun, 01 Sep 2024 20:22:25 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 31645
                    Last-Modified: Sun, 01 Sep 2024 11:35:00 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pl0B1ukpLiFX673ppt48ncBwzfGddKUkZ02GNbsNH3CGJLpETaai0PfHEaJwYVY%2Fm6MKSyVWgWlLCfveg%2BkZEoi8nuy2yWwzGrff5SeJ1zy%2BMeM%2BnFefvtRrYty11K8bCevrasIz"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 8bc7f8eabb014270-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-09-01 20:22:25 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-09-01 20:22:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0



                    Target ID:0
                    Start time:16:22:12
                    Start date:01/09/2024
                    Path:C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\snake-cleaned_reversed.bak2.exe"
                    Imagebase:0xbd0000
                    File size:124'928 bytes
                    MD5 hash:D9024AFBD347D3060B6453CCE8E4C1B2
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                    • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000000.1652788282.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.4101712670.0000000003274000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.4101712670.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: (o^q$(o^q$(o^q$,bq$,bq
                      • API String ID: 0-2525668591
                      • Opcode ID: b9a8915e979853f0553002298ed87870bad176c39c747554c62d5c3671f83fd7
                      • Instruction ID: 7d923088763ee86e075f5b6814113c641cacccd4bc2daac5a1bac2c44ffdd455
                      • Opcode Fuzzy Hash: b9a8915e979853f0553002298ed87870bad176c39c747554c62d5c3671f83fd7
                      • Instruction Fuzzy Hash: D6126B70A00209CFCB15CFA9C984ABEBBF2FF88704F158469E915AB365D734E852CB54
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: (o^q$4'^q$4'^q$4'^q
                      • API String ID: 0-183542557
                      • Opcode ID: 731475327ba74db069e776338c0dfe000cd8d0e248fc9dd9b890932ca3562bcd
                      • Instruction ID: 7622300f115ea9e9b7334f59c9240a3b4e64997ce7203cbb2d2ecda34054cc52
                      • Opcode Fuzzy Hash: 731475327ba74db069e776338c0dfe000cd8d0e248fc9dd9b890932ca3562bcd
                      • Instruction Fuzzy Hash: 92A27E71A00209DFCB15CFA8C984ABEBBB6FF88704F158569E405DB3A6DB35E941CB50
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: ?q^$PH^q$PH^q
                      • API String ID: 0-1168988485
                      • Opcode ID: bb67fb46ebfe39fabdfec77956009c36b37905d21786a9780981a2e92b25886c
                      • Instruction ID: 7453fe8620e1ec3f3b99f22f317270aa9bda60202256c2f08758faa628c9f5d8
                      • Opcode Fuzzy Hash: bb67fb46ebfe39fabdfec77956009c36b37905d21786a9780981a2e92b25886c
                      • Instruction Fuzzy Hash: 00A12570E052588FDB15DFA9D994A9DBFF2FF89300F1480AAD848AB365DB349885CF01
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: (o^q$Hbq
                      • API String ID: 0-662517225
                      • Opcode ID: c45350d900273ae3fe96d40c0481d731d35d1107229c91b2cb4dd2219f796af8
                      • Instruction ID: a1d891a1b1ce616515baf3e4d5bd454090ebb277d280a21767aa0e2024d802ba
                      • Opcode Fuzzy Hash: c45350d900273ae3fe96d40c0481d731d35d1107229c91b2cb4dd2219f796af8
                      • Instruction Fuzzy Hash: 85128D70A002198FDB15DF69C854AAEBBF6FF88700F24856DE405DB395DF349942CB94
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: Xbq$$^q
                      • API String ID: 0-1593437937
                      • Opcode ID: 250f6f3a310e44c56db4f709c75d55ecc0f71d08fc1dec32fdc9b28be12165a2
                      • Instruction ID: 41788d2d1a7ae07c2ff7758e2bf1297670d464d93b60faac3216b590bd8483e5
                      • Opcode Fuzzy Hash: 250f6f3a310e44c56db4f709c75d55ecc0f71d08fc1dec32fdc9b28be12165a2
                      • Instruction Fuzzy Hash: E3F14C79E00218DFDB18DFB9D8545AEBBB2FF89710B14856EE406A7358CB349C12CB51
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: PH^q$PH^q
                      • API String ID: 0-1598597984
                      • Opcode ID: 5b99399594804f62dcb93f4754a51414fac3082a10eab8a4998441f0f9ed9416
                      • Instruction ID: d9b0bcd09d3f7b78c04715b45080f424f477e456b36a8146475cccc77ffe034d
                      • Opcode Fuzzy Hash: 5b99399594804f62dcb93f4754a51414fac3082a10eab8a4998441f0f9ed9416
                      • Instruction Fuzzy Hash: 2DE10A75E01218CFDB14DFA9C885AADBBB2FF49750F198069E819AB365DB30AC41CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: PH^q$PH^q
                      • API String ID: 0-1598597984
                      • Opcode ID: f5d6fedcec899240a5eecc4cd07f34863b2643dbf79934d30b753feb97ba5ba8
                      • Instruction ID: 3c9692275543347ac1ef3ee3c3fccce4f91117b504e1aeb45e8b23d5c819b6ad
                      • Opcode Fuzzy Hash: f5d6fedcec899240a5eecc4cd07f34863b2643dbf79934d30b753feb97ba5ba8
                      • Instruction Fuzzy Hash: 7B814B74E0125CEFDB94DFA9E84469EFBB2BF49300F2081A9D409AF265DB705981CF90
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: PH^q$PH^q
                      • API String ID: 0-1598597984
                      • Opcode ID: 51c71d3f884da118ad84752f05d6b5dc0bef526d84114a219e3ede5852c1577d
                      • Instruction ID: 9d50d20e12fbe890ce43e235a9aafbe65097484e07e9db5dbd0a285bd3191c0c
                      • Opcode Fuzzy Hash: 51c71d3f884da118ad84752f05d6b5dc0bef526d84114a219e3ede5852c1577d
                      • Instruction Fuzzy Hash: 5481B374E002188FDB54DFA9D984AADBBF2FF88700F148069E809AB365DB345D85CF11
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: PH^q$PH^q
                      • API String ID: 0-1598597984
                      • Opcode ID: 4e99f39ee5def1ec83c2cd21c45c1eb9139af512f1ae015f7673d814c8ab2a28
                      • Instruction ID: 4c5a80e5f1def6fba6ccbcc3e96417b56cc5646ee2c7616c938f91d9ba975c79
                      • Opcode Fuzzy Hash: 4e99f39ee5def1ec83c2cd21c45c1eb9139af512f1ae015f7673d814c8ab2a28
                      • Instruction Fuzzy Hash: 6181C574E012188FDB14DFAAD994A9DBBF2FF88700F14C069E809AB365DB345985CF10
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: PH^q$PH^q
                      • API String ID: 0-1598597984
                      • Opcode ID: 85ef8d8bcb18bf0fcf72a56b74fc3bd52d76f4b1a9b168b6a809543d69a00513
                      • Instruction ID: 593a7a0cb0ba537ea7b7951d8d411a9325c1880e743e8a062679620b8a2f2b6a
                      • Opcode Fuzzy Hash: 85ef8d8bcb18bf0fcf72a56b74fc3bd52d76f4b1a9b168b6a809543d69a00513
                      • Instruction Fuzzy Hash: F4819374E012188FDB18DFA9D984A9DBBF2FF89300F14C06AE809AB365DB315985CF10
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: PH^q$PH^q
                      • API String ID: 0-1598597984
                      • Opcode ID: 06528b2b0f6e5a9bfeb3a630555f7a1c6d7e34dcd314888c808c7847b111b0ae
                      • Instruction ID: f3a28e1c166161fe6a46fe3bf48ec770bd460292e2853068a7b7474f742c83c2
                      • Opcode Fuzzy Hash: 06528b2b0f6e5a9bfeb3a630555f7a1c6d7e34dcd314888c808c7847b111b0ae
                      • Instruction Fuzzy Hash: E181C374E002188FDB18DFA9D994A9DBBF2FF89300F14C069E819AB365DB315985CF01
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: PH^q$PH^q
                      • API String ID: 0-1598597984
                      • Opcode ID: 4ac313a7015a3bce25060fe7e3a9c523a1243c4c0652281506aa4ec3b052e144
                      • Instruction ID: 7e4d2b7dc90c5250fe53860e36fdde1e31e98bc8b7670e2e00a0ed8096c28fc1
                      • Opcode Fuzzy Hash: 4ac313a7015a3bce25060fe7e3a9c523a1243c4c0652281506aa4ec3b052e144
                      • Instruction Fuzzy Hash: CB81A474E012188FDB14DFA9D984A9DBBF2FF88700F54C06AE809AB365DB359985CF10
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: PH^q$PH^q
                      • API String ID: 0-1598597984
                      • Opcode ID: fd9ecab03221e602230773d96f484b8f8668a8acd5d79305c1afd93bf973b2d9
                      • Instruction ID: 1616cd3923e229fb9082f89dfec820431a055cd5697cd6a9fe1c4e3979a4a6c1
                      • Opcode Fuzzy Hash: fd9ecab03221e602230773d96f484b8f8668a8acd5d79305c1afd93bf973b2d9
                      • Instruction Fuzzy Hash: A781A374E012188FDB14DFA9D984A9EBBF2FF88710F14C069E809AB365DB349985CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: PH^q$PH^q
                      • API String ID: 0-1598597984
                      • Opcode ID: 63f083dd469fb76a1350ace096a05d60dd01de00576c71ab0a4fb1cefc317c2d
                      • Instruction ID: 56f95ba87716775e7652448b7fd2a783a50193ace1b978d313ae7fbe719e29f3
                      • Opcode Fuzzy Hash: 63f083dd469fb76a1350ace096a05d60dd01de00576c71ab0a4fb1cefc317c2d
                      • Instruction Fuzzy Hash: 2C61B374E012089FDB18DFAAD984A9DBBF2FF89300F14C06AE819AB365DB345941CF41
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4737a7af09f279c2485370d4d8cbb9dd8094d8b67b259ca48ce29ad3e19659d3
                      • Instruction ID: c59ff95d610d938ef03f56da88a335722da44bf2a28758b94cf465feab6150a4
                      • Opcode Fuzzy Hash: 4737a7af09f279c2485370d4d8cbb9dd8094d8b67b259ca48ce29ad3e19659d3
                      • Instruction Fuzzy Hash: DC828D74E012289FDBA4DF69D994BDDBBB2BB88300F1481EA940DA7264DB355EC5CF40
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 42c81f93da98c55d1fc314a35a4d0cef1933981b239703e57b99aa095b8a9551
                      • Instruction ID: faaa9cdc455e423ab7fc79aa64266bc007271c6d162a83256f47d525792891cd
                      • Opcode Fuzzy Hash: 42c81f93da98c55d1fc314a35a4d0cef1933981b239703e57b99aa095b8a9551
                      • Instruction Fuzzy Hash: 5A62AF74E012298FDB65DF69C884BE9BBB2FB89300F1481EAD409A7355DB349E81CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 27bc4ab20993e430b6d1a1f1d99e3fe1195f94c723e441463eb47da8635bf6d7
                      • Instruction ID: e6104eb952bc7accb78ba870002ba2dc14b816e10ba394e6d02d35cef6b82310
                      • Opcode Fuzzy Hash: 27bc4ab20993e430b6d1a1f1d99e3fe1195f94c723e441463eb47da8635bf6d7
                      • Instruction Fuzzy Hash: CBB1A074E01218CFDB64DFA5D994B9DBBB2FB88300F2081AAD809A7365DB359D85CF50
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b937756f5487c8a63499a415936fb3c11c03f2ea66177e2b5360cff2bd6ae173
                      • Instruction ID: b31c982211b1b2d480e6408b49e3b6c92f636462b6b16ab81839255b08bf8295
                      • Opcode Fuzzy Hash: b937756f5487c8a63499a415936fb3c11c03f2ea66177e2b5360cff2bd6ae173
                      • Instruction Fuzzy Hash: E9B1A074E00218CFDB58DFA9D954B9DBBB2EF88300F2081A9D809AB365DB359D85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 78ab9eabaee07d8f54177a2ff5ed6ee8412679b5073dd0f73506f4786b2bc7ef
                      • Instruction ID: a441d247d05cc295d154dd86958479bc808832472ccef97534f18cd90f798541
                      • Opcode Fuzzy Hash: 78ab9eabaee07d8f54177a2ff5ed6ee8412679b5073dd0f73506f4786b2bc7ef
                      • Instruction Fuzzy Hash: C8B1B074E01218CFDB68DFA9D944B9DBBB2BF88304F2081A9D409AB364DB755E85CF50
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 05fdb9e8c2f31b85cb45fc7b5f79ad07e59c4f41fb0a131d9b3107d236ce8a1b
                      • Instruction ID: 43249ba3819d3e75b4c068221a51c9d2543837e62332a4dbe1699b79ac2a7a36
                      • Opcode Fuzzy Hash: 05fdb9e8c2f31b85cb45fc7b5f79ad07e59c4f41fb0a131d9b3107d236ce8a1b
                      • Instruction Fuzzy Hash: 93919374E01218CFDB58DFA9D944B9DBBF2BF88304F2081A9D409AB264DB755E85CF50
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a36f20c093bd5b6c14e6a1134ef1be7da090d86c8a1767fe1513e651ef87575d
                      • Instruction ID: d45d97a8a94deae46aa68b86a1bb7764d669b3491f3cfe84bdbff0591c54e183
                      • Opcode Fuzzy Hash: a36f20c093bd5b6c14e6a1134ef1be7da090d86c8a1767fe1513e651ef87575d
                      • Instruction Fuzzy Hash: AC81E574E01218DFDB64CF6AD984B9DBBB2AF89300F14D0EAD40DAB254DB705A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 117635b5f7dfdf19cc5ef5626a18b97cf8c08c726ae294de202f033cec01d6bf
                      • Instruction ID: f5ae6b1162f3a6959a26f1ceed7d1ac654f88e8eb210cb9aae720582459cdc52
                      • Opcode Fuzzy Hash: 117635b5f7dfdf19cc5ef5626a18b97cf8c08c726ae294de202f033cec01d6bf
                      • Instruction Fuzzy Hash: BB81E374E016199FDB68CF6AD940B9DBBB2AF89300F14C0EAD40DAB254DB709E81CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 88ec3e832a5a226df83134ea21466fa4302279420604f867853b776da5e5af55
                      • Instruction ID: def0b1c68a624980b63533a7b959e7c61d41bca0611fc653737e3b6fad410cba
                      • Opcode Fuzzy Hash: 88ec3e832a5a226df83134ea21466fa4302279420604f867853b776da5e5af55
                      • Instruction Fuzzy Hash: 7C81E370E012189FDB68CF6AD940B9DBBB2BF89300F14D0AAD40DAB255DB709A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4f02373db6d0807a3d22d47517628f222ed7447a6cd57152195839226c8941ce
                      • Instruction ID: 9e294ed022ad1e726e13712f1a2cf8556c63e4c0f6e1dca0b47c8cc85168dd08
                      • Opcode Fuzzy Hash: 4f02373db6d0807a3d22d47517628f222ed7447a6cd57152195839226c8941ce
                      • Instruction Fuzzy Hash: BC81E374E012189FDB68CF2AD940B9DBBF2AF89300F14D0EAD40DAB255DB709A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7fe1cbaf844ff183ed8178beddccdfe1884e6f128a4117a3fa095e72d6c88ff7
                      • Instruction ID: 49b06a732f38f94b6b6b7cdaa227dd1fc3c9fc2254363a9df3fd3c3ba96e4633
                      • Opcode Fuzzy Hash: 7fe1cbaf844ff183ed8178beddccdfe1884e6f128a4117a3fa095e72d6c88ff7
                      • Instruction Fuzzy Hash: B081D474E012189FDB68CF6AD990B9DBBF2AF89300F14C0EAD40DAB255DB705A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fd06d3eafd9c25df0f658bf2370aab8a8af6305d5de7b05a69a8630267b19ad7
                      • Instruction ID: bc62177b871d2f2457be34b2717b764ae9da835b63e84f22356777e5743d1f50
                      • Opcode Fuzzy Hash: fd06d3eafd9c25df0f658bf2370aab8a8af6305d5de7b05a69a8630267b19ad7
                      • Instruction Fuzzy Hash: 3681D270E012189FDB68CF6AD984B99BBB2AF89300F14C1EAD40DAB255DB705A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8af24fd5335dde08c87f4c7c9e83b3557b0095fce87b564772a0e8dd2b95e047
                      • Instruction ID: f9bc981d60d6a499187f824c4a147a6cf24980edbdfad68435f26b5ff9536679
                      • Opcode Fuzzy Hash: 8af24fd5335dde08c87f4c7c9e83b3557b0095fce87b564772a0e8dd2b95e047
                      • Instruction Fuzzy Hash: 8C81E274E012189FEB68CF6AD954B9DBBF2AF89300F14C0EAD40DAB254DB705A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f7a6aaa088adc82cd8644b867005e0794610f78d5f230015497d6414bb06fdc3
                      • Instruction ID: 591a2e6238574c7dbbf395f0bd256cfc99ab7c20807e4f8ec290a491ee231a30
                      • Opcode Fuzzy Hash: f7a6aaa088adc82cd8644b867005e0794610f78d5f230015497d6414bb06fdc3
                      • Instruction Fuzzy Hash: AC81D370E012189FDB68CF6AD984B9DBBB2AF89300F14C0AAD40DAB255DB705A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f5e1a40ecd486111d56ef396ce7eb700b6e1fd6dc9fd0091570a951b1cdf1710
                      • Instruction ID: 4a8e5a82bd6a3b12bbe522447dafee321809aaac1ac70023973e8dbaab844ae3
                      • Opcode Fuzzy Hash: f5e1a40ecd486111d56ef396ce7eb700b6e1fd6dc9fd0091570a951b1cdf1710
                      • Instruction Fuzzy Hash: 4F81E374E012189FDB68CF6AD954B9DBBB2BF89300F14C0EAD40DAB254DB705A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9bfd5ed585685a659aec9c6d3920a0166ee950377db7e5de74b800c8d4746b76
                      • Instruction ID: 2d41fa2d25a73ef90936303fc34b8d8a0a25a7e897849d81b41d200f1f5dbfb9
                      • Opcode Fuzzy Hash: 9bfd5ed585685a659aec9c6d3920a0166ee950377db7e5de74b800c8d4746b76
                      • Instruction Fuzzy Hash: 68519470E01219DFEB68CF2AD944B9ABBB3AF89300F14C1EA940DA7255DB705A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dc130953447202a1bb5c09d3b5bcd803c5efdf64cf50f2ca0ff5a13b5e319a43
                      • Instruction ID: e92c3a7c5f6cd48fc25d7b8b1163f977958661852656d63c2148109ef688ce79
                      • Opcode Fuzzy Hash: dc130953447202a1bb5c09d3b5bcd803c5efdf64cf50f2ca0ff5a13b5e319a43
                      • Instruction Fuzzy Hash: C551C570E012188FEB68CF2AD950B99BBF3AF89300F14C1EAD40DAB254DB705A81CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 203fb50a29bd6117ef058bf48327752487398e19872c1e1c34a2816db8d4bbb0
                      • Instruction ID: f8ca7bb54b2f49dd4824ab0141788a4de5fb7bdf9be0e0499d03249cb73e8702
                      • Opcode Fuzzy Hash: 203fb50a29bd6117ef058bf48327752487398e19872c1e1c34a2816db8d4bbb0
                      • Instruction Fuzzy Hash: 8C51B770E016199FEB68CF2AD954B99FBB3AF88300F14C1EAD40DAB254DB705A85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ca468bb54cd3bf6cc48d6374d8b18ef61548e316c5d04bc9901611b993205ded
                      • Instruction ID: 9a5094eb0bf27c18691cd8909289d30eb85e09aee83aa272193b774b23822827
                      • Opcode Fuzzy Hash: ca468bb54cd3bf6cc48d6374d8b18ef61548e316c5d04bc9901611b993205ded
                      • Instruction Fuzzy Hash: 9641AC71E01618DFEB68DF6BDD5179AFAF3AFC5300F14C0AA840CAA254DB704A858F61
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: efcf80e9ba88de2985553c4b1f2a176260f7fb8a432c173fea8ae3a6735b03a9
                      • Instruction ID: 6b8f0775cf384eff934953b481fec0da13fd166a8a9a34527d1ad7f2a43ae6f8
                      • Opcode Fuzzy Hash: efcf80e9ba88de2985553c4b1f2a176260f7fb8a432c173fea8ae3a6735b03a9
                      • Instruction Fuzzy Hash: 2C319A71E016189BEB68CF6B8D4178AFAF3AFC9200F04C1F6850CA6214EB704A868F51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5c77f49eb8fb118bf06a693117e6dd1bc5849950574a3052d1155e7c8e371e81
                      • Instruction ID: 5bc05866be71b7c22d705b442af3ce56a71b97acf55d3931567d3a46e06aa438
                      • Opcode Fuzzy Hash: 5c77f49eb8fb118bf06a693117e6dd1bc5849950574a3052d1155e7c8e371e81
                      • Instruction Fuzzy Hash: D8317C71E016188BEB68CF6BCC45799FAF3AFC9200F14C1FAC54CA6254EB704A868F51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e900785cb2901648218320c8a9484159f1639beb80260d8547c60c7e851f86df
                      • Instruction ID: 18c8c93401ab11a40036853b17a181707b1b580d217c1fb65d61d576fa2da79a
                      • Opcode Fuzzy Hash: e900785cb2901648218320c8a9484159f1639beb80260d8547c60c7e851f86df
                      • Instruction Fuzzy Hash: 0D319A71E016189BEB68CF6BDD4078AFAF3AFC9300F04C1BA950CA6214EB705A858F51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 623f68ce7da83c83f0e0330f4df7c5e9b5a876ff5c3fa6e3fb8c91e58eea2d64
                      • Instruction ID: 876865f4907c86412440d35fb23fcd1690696152ff5e5647d7f66cd46b48e8c0
                      • Opcode Fuzzy Hash: 623f68ce7da83c83f0e0330f4df7c5e9b5a876ff5c3fa6e3fb8c91e58eea2d64
                      • Instruction Fuzzy Hash: D1318D71E016189BEB68CF6BDC5579AFAF3AFC9200F14C1FA850CA6214EB704A858F51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 98bdf64ce8b7b59d2bfbe0c624a49f35bf36681a766c8bc245a04633aa6cd33f
                      • Instruction ID: 66cd4e50474fabcdd1fbc13c9df234fa634646eb0997bca803ea8c581c25e4de
                      • Opcode Fuzzy Hash: 98bdf64ce8b7b59d2bfbe0c624a49f35bf36681a766c8bc245a04633aa6cd33f
                      • Instruction Fuzzy Hash: AC316E71E016189BEB68CF6BDD4178AFAF3AFC9200F14C1FA950CA7254DB704A858F51
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
                      • API String ID: 0-1932283790
                      • Opcode ID: d58541fa668bccb8bcd3ca48bdc0c8370c2cb992a09f3b446e26c11cd89b30ab
                      • Instruction ID: 6209aa6c13f2ac3bac06700502610db803f41c87e939c7d6143af0971635f57d
                      • Opcode Fuzzy Hash: d58541fa668bccb8bcd3ca48bdc0c8370c2cb992a09f3b446e26c11cd89b30ab
                      • Instruction Fuzzy Hash: 88124930A002498FCB15CF69C984AAEBBF2FF88715F1485A9E9199B361DB31ED45CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: Xbq$Xbq$Xbq$Xbq$Xbq$Xbq
                      • API String ID: 0-1317942629
                      • Opcode ID: bc40b2bea82023248098130353d5fde65fa704d1d5ebb8b8b3c43e011a7a470d
                      • Instruction ID: f5fea06c024199a821244e691181db42039bcd286ceca4d278ea6b8a37f96d1e
                      • Opcode Fuzzy Hash: bc40b2bea82023248098130353d5fde65fa704d1d5ebb8b8b3c43e011a7a470d
                      • Instruction Fuzzy Hash: 0052D5789103148FCB644FB48C9A2377FB5FB56318B19C56DC8449AA86D734BC0BEB86
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4'^q$4'^q
                      • API String ID: 0-2697143702
                      • Opcode ID: 29449ce964fd7f8fafe4962e503898fe6109feac22174e9c18878057106f3c3c
                      • Instruction ID: 5af377078db194b88f89ae3db704b473b190321573777b2070d05a2350e0d902
                      • Opcode Fuzzy Hash: 29449ce964fd7f8fafe4962e503898fe6109feac22174e9c18878057106f3c3c
                      • Instruction Fuzzy Hash: 56B13D313041158FEB359A6DCC5877E7A9EEF85F00F19006EE906CB3A5EB29CC528752
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: Hbq$Hbq
                      • API String ID: 0-4258043069
                      • Opcode ID: a08a46a205304ebb5906066111d938ebc633a09367ecd1286107d00b86b75748
                      • Instruction ID: 7c46c7a28b2b2eece8753afe81483cae3b713da8a3ef226439439caba90676e5
                      • Opcode Fuzzy Hash: a08a46a205304ebb5906066111d938ebc633a09367ecd1286107d00b86b75748
                      • Instruction Fuzzy Hash: E2B1CD307052648FDB15AF29DC54B7A7BA6EB89710F14846EE507CB3A5CF38E842C791
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: ,bq$,bq
                      • API String ID: 0-2699258169
                      • Opcode ID: a676d7f126af1c528df7ac117755c2837435e2a7bdedae2eb49759e1dd597596
                      • Instruction ID: 52c9bf5bd6ef3d5bf60c492c0213761724b79031fa2e2012286ebaff94899612
                      • Opcode Fuzzy Hash: a676d7f126af1c528df7ac117755c2837435e2a7bdedae2eb49759e1dd597596
                      • Instruction Fuzzy Hash: 50913731B006068FCB14DF69CC889BABBB2FF89A00B15856DD516DB365DB31F842CB91
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: LR^q$LR^q
                      • API String ID: 0-4089051495
                      • Opcode ID: e08951321eb57311cb008e5b9042e21d1ca2507e203bbbf929577e7d49511e23
                      • Instruction ID: 40ba0ce60363fa7f931db8194851633873aee3b595d910d3c4a9d70e5bd8ef47
                      • Opcode Fuzzy Hash: e08951321eb57311cb008e5b9042e21d1ca2507e203bbbf929577e7d49511e23
                      • Instruction Fuzzy Hash: B481F234B101069FCB48DF79E854A6E7BF6EF89604B1581A9E205DF3A5EB70DC02CB91
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: (&^q$(bq
                      • API String ID: 0-1294341849
                      • Opcode ID: 9f3956485299d9ecae2342c06fdf652124aa37f847151d8eb18265baf2d9e3d9
                      • Instruction ID: 381f1208c43bd8176d7248549edc6eb27e97b5e2b55d4b44ff588bc88f0f3790
                      • Opcode Fuzzy Hash: 9f3956485299d9ecae2342c06fdf652124aa37f847151d8eb18265baf2d9e3d9
                      • Instruction Fuzzy Hash: 93718F31F002199BCB55DFB9D850AAEBBF2BF88710F148529E405AB384DF709D46CB95
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: $^q$$^q
                      • API String ID: 0-355816377
                      • Opcode ID: 7c0c539ec32a27002ff91bbc1b109fe61efce366085c5741bea23cfbfb62f336
                      • Instruction ID: 40a96de26475ba1478d708f5d7b79ef6d0a28577d11e94c82fba581b7e700b77
                      • Opcode Fuzzy Hash: 7c0c539ec32a27002ff91bbc1b109fe61efce366085c5741bea23cfbfb62f336
                      • Instruction Fuzzy Hash: 263172313045058FDB369AA9DC9863E7B6BFB84B10B19845ED512CB356DB2CDC4187D1
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: LR^q
                      • API String ID: 0-2625958711
                      • Opcode ID: fd9b7babd36acbb9da8bd4152346fb9695b7fc37d2737cc28ddefae0fe27fcc6
                      • Instruction ID: aac0c274dd00d10e910d7b9c71ea5e67d4cd1779286106587dacf8e76ec2e782
                      • Opcode Fuzzy Hash: fd9b7babd36acbb9da8bd4152346fb9695b7fc37d2737cc28ddefae0fe27fcc6
                      • Instruction Fuzzy Hash: CE229374D01219CFCB64EF64E994A9DBBB2FB49300F1081B9D809A7368DB786E95CF41
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: LR^q
                      • API String ID: 0-2625958711
                      • Opcode ID: d4600e59dd5ec6e17e4809a292247600ca1f75eff83079d762d08bf37a91a1e7
                      • Instruction ID: 2df3d1a7478b21d89dee912f265f22be0a5dc66805d50d10771a7780d2ca9127
                      • Opcode Fuzzy Hash: d4600e59dd5ec6e17e4809a292247600ca1f75eff83079d762d08bf37a91a1e7
                      • Instruction Fuzzy Hash: B6229374D01219CFCB64EF64E994A9DBBB2FB49300F1081B9D809A7368DB386E95CF41
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: (o^q
                      • API String ID: 0-74704288
                      • Opcode ID: 9c7ee3ffc1749bfa60521cc3b53c679967f5861a57a3c29ae4fa5b6be2686c12
                      • Instruction ID: 306f105d70568f4c81c48ddb7c63d4d7fe7babbaff524fb46960737888470176
                      • Opcode Fuzzy Hash: 9c7ee3ffc1749bfa60521cc3b53c679967f5861a57a3c29ae4fa5b6be2686c12
                      • Instruction Fuzzy Hash: EA41E1317012089FCB15AB6AC854AAE7FF6FBC9610F24846DE906DB395DF349C02C7A1
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 94c7b9694b29afab52b9d9a8b7b98f4d1c397f33a74ba64dd45046a10b7cf1d0
                      • Instruction ID: 6401a8b63ca85841e79302cdb45531710999648336f51be70beaeaf0efda7ce4
                      • Opcode Fuzzy Hash: 94c7b9694b29afab52b9d9a8b7b98f4d1c397f33a74ba64dd45046a10b7cf1d0
                      • Instruction Fuzzy Hash: 9AF15E75A00119CFCB05CFACD9889ADBBF6FF88710B1A8559E505AB365DB34EC42CB50
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e6b96676620c27429b30c0fb52b67e60bab36c5a5562fb1d00e59ac545469da3
                      • Instruction ID: 5ceb53ee195ad3d66eb709bd6ff74248c6a73dff08a34d53562ee19285a5aa0d
                      • Opcode Fuzzy Hash: e6b96676620c27429b30c0fb52b67e60bab36c5a5562fb1d00e59ac545469da3
                      • Instruction Fuzzy Hash: 037103307002458FDB25DF29C898A7E7BE6EF99A45B1940A9E905CB3B1DB74DC41CF90
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3cea8893159d6c46ad7f1f17369b9e2a661dd497599c85a252695d137a8b4a4f
                      • Instruction ID: a947520a7e702276ce665a378ee298a612f8306d7bfb024768edcbd45a33aaf9
                      • Opcode Fuzzy Hash: 3cea8893159d6c46ad7f1f17369b9e2a661dd497599c85a252695d137a8b4a4f
                      • Instruction Fuzzy Hash: FA81A070E412289FEB65DF25D890BD9BBB2BB89300F1481EAD84DA7254DB745EC5CF40
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1924c0a577b1c3d01f208c4ba83c0e8d207264017d2378fc67454f39b3a89f72
                      • Instruction ID: d1fd5e3f7f0c6a72b4d1deb258bd772fce28c5e53cb9ce0322635719e38ebdae
                      • Opcode Fuzzy Hash: 1924c0a577b1c3d01f208c4ba83c0e8d207264017d2378fc67454f39b3a89f72
                      • Instruction Fuzzy Hash: 6A81E174A01218DFDB64DFA4D984B9DBBB2FF48300F2081A9D409AB3A4DB759E85CF50
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ab268b24a495184127b75d84f2573926f7763e3b3c0add37f4dbdbce0a8afa1a
                      • Instruction ID: de0787fd76829c0e2fe02fbd4490a846a345a6f4a830b1d06514d0bcd330299b
                      • Opcode Fuzzy Hash: ab268b24a495184127b75d84f2573926f7763e3b3c0add37f4dbdbce0a8afa1a
                      • Instruction Fuzzy Hash: 4E51F474D01218DFDB14DFB5D954AADBBB2FF88304F208529D809AB354DB395986CF41
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 73e90064c728e46f7d01fde06202885751af9ef4a887e41993b9c580118e19e8
                      • Instruction ID: ccff75f174cbd5af665cce987c5e61cfb6a13fa31b0265060b4c5b0f8aad36ee
                      • Opcode Fuzzy Hash: 73e90064c728e46f7d01fde06202885751af9ef4a887e41993b9c580118e19e8
                      • Instruction Fuzzy Hash: 19518774E01218DFDB54DFAAD584A9DBBF2FF89310F24816AE909AB364DB309945CF40
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 60d47082c0fb2eecfee072498c7e59ef930be9711666e1be875a0d4049e6e1fd
                      • Instruction ID: 16cc185b41e3497da13052ccd2cfb3cefa08e673835e9d2714a95bdf45dfd85f
                      • Opcode Fuzzy Hash: 60d47082c0fb2eecfee072498c7e59ef930be9711666e1be875a0d4049e6e1fd
                      • Instruction Fuzzy Hash: 5151A475E01208DFCB08DFA9D99499DBBF2FF89310B208469E805AB364DB35AD42CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f1596e18457ba6e07740f423fe2592907f3aa931c37463f4f3526e676fef6072
                      • Instruction ID: f76097aa99e4afe0c901d7ded46bf1a75762b9acbc68ca5b1b455460fbada2c0
                      • Opcode Fuzzy Hash: f1596e18457ba6e07740f423fe2592907f3aa931c37463f4f3526e676fef6072
                      • Instruction Fuzzy Hash: E741AD31A04249DFCF12CFA9CC44AEEBFB2EF49718F048159E9159B266D735E911CB90
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0f60088cace41f9efd6767edf0215c72d41be97ba73896ac708eb47d534a8a48
                      • Instruction ID: 00c50ffa577b9a6066e83b6df55469d46536e755e86255140ced42093c4e0aa6
                      • Opcode Fuzzy Hash: 0f60088cace41f9efd6767edf0215c72d41be97ba73896ac708eb47d534a8a48
                      • Instruction Fuzzy Hash: C4414471E00219ABDB14DFA5D890ADEFBF6BF88700F148129E415BB340DB70AD46DB91
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dc337fcf4b57cb19e087056e4cc97bec17b13b862663127149c362bc86f82a94
                      • Instruction ID: 88f61bb7232366010ad26fab14349b53d18ad72a1252853c107572553753c4b3
                      • Opcode Fuzzy Hash: dc337fcf4b57cb19e087056e4cc97bec17b13b862663127149c362bc86f82a94
                      • Instruction Fuzzy Hash: 94417670E01108CFCB01EFA8E8846ECBBB2FF59714FA09529E415AB255DB399852CF94
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 31b435cfc16822075825e1db843460a5429f10d2a89ff30ffefd5b40247ff5e5
                      • Instruction ID: 6c588b63a789383ba1d9a2daa53bba3af5cf1b13c24edd780df8555b3a17e986
                      • Opcode Fuzzy Hash: 31b435cfc16822075825e1db843460a5429f10d2a89ff30ffefd5b40247ff5e5
                      • Instruction Fuzzy Hash: 26318B3170510A9FCF11EF69D854ABA3FA2FB98610F108429F9158B355CF38DD61DBA0
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cae2b7a5156a625354096ce23bc9d763f184513c4bbe233fa00168643f1f58d5
                      • Instruction ID: 05b2cf52bacf29a6bf2993b9efc6927f11901804ec8d1e948c512646272be0dd
                      • Opcode Fuzzy Hash: cae2b7a5156a625354096ce23bc9d763f184513c4bbe233fa00168643f1f58d5
                      • Instruction Fuzzy Hash: E2410470D01208CFCB10EFA8E8846EDBBB2FF59315F609569E415AB355DB39A881CF94
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0143b9afce47558ba4d30a752773ce0bca5d82cdf78bddedb5e2ac2982fe61dd
                      • Instruction ID: aa789f2797540cac2b56caee28444390581d897331727a28c7ce6eeac72ae818
                      • Opcode Fuzzy Hash: 0143b9afce47558ba4d30a752773ce0bca5d82cdf78bddedb5e2ac2982fe61dd
                      • Instruction Fuzzy Hash: E9419930412101CFD3343F20FA0D99CBBB4FF657167B59165F42A89838CAA86D96DF58
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 258c965ee2434fab8df16071c9cdd233bdbc04e0c24e91893c343562be95834b
                      • Instruction ID: 261dddbb761c04a68aab35a79ec6de382bc1ae4b96c5ad1890d00a54511fb214
                      • Opcode Fuzzy Hash: 258c965ee2434fab8df16071c9cdd233bdbc04e0c24e91893c343562be95834b
                      • Instruction Fuzzy Hash: BB310670D01208CBDB04EFAAD8446EDFBB2FF89305F54D529E914AB254DB35A881CFA4
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a53af24517c2afb4af613af13d29b201baf5204d6330e69b262a78970f91103e
                      • Instruction ID: a787b3e1850d99f34e7c6532e00ccbf4bf272580d40bd458da833d05b6633ef7
                      • Opcode Fuzzy Hash: a53af24517c2afb4af613af13d29b201baf5204d6330e69b262a78970f91103e
                      • Instruction Fuzzy Hash: 7C41F774E00208DFDB54EFA5E4946ADBBB2FF49304F10812AD819AB354DB786D86CF81
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6c5479bb191cd7691b3c30f24ad5f09c6298400266f04dd4b7381c896499c901
                      • Instruction ID: 101f32ea38149b3455ed3e675604e3928313e0049278290949d2c5286e69909e
                      • Opcode Fuzzy Hash: 6c5479bb191cd7691b3c30f24ad5f09c6298400266f04dd4b7381c896499c901
                      • Instruction Fuzzy Hash: 4541D874E00209DFDB54EFA5E5946ADBBB2FF88304F208129D419AB354DB785D86CF81
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 04128c53dae35a9433f604cb90e842bcac274ce393f965b507d5cc8e4624c89c
                      • Instruction ID: 3321a3fdcca3c81d5a1f822dad91ac29d4ca56e1d3b444250660fdf8251407f1
                      • Opcode Fuzzy Hash: 04128c53dae35a9433f604cb90e842bcac274ce393f965b507d5cc8e4624c89c
                      • Instruction Fuzzy Hash: A23161B1E015098FCB04CFACC888AAFBBB6FF84B10B158559E915973A5DB349D43CB90
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 556e2f21492c5090a8763699aa7f8aca92945aa79c4ed8af18e006e3548fc254
                      • Instruction ID: 477cc7815905135806eaa7a8d9a1ae50bc6b42899fa3f97624470a3696918761
                      • Opcode Fuzzy Hash: 556e2f21492c5090a8763699aa7f8aca92945aa79c4ed8af18e006e3548fc254
                      • Instruction Fuzzy Hash: 5321B0313102294BDB26262ECC9467E7697EFD4B14F24407DD506CB399EF2ACC429B91
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 73a1c1c606ee455c30f731f60484e9b4e0198b132c28360641b6ab7c3b5d26ba
                      • Instruction ID: ee441be8a5a69bb3ecb7cf55596cde5ee8f79b6a59f619324462522fb6415214
                      • Opcode Fuzzy Hash: 73a1c1c606ee455c30f731f60484e9b4e0198b132c28360641b6ab7c3b5d26ba
                      • Instruction Fuzzy Hash: 1441A930012105CFC3303F20FA0D99CBBB4FF257167B58125F42A89838CAA8AC9ADF58
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 50a37b389b38bfd2c33bf13c071fbd4470ccc688f197907adbd4f70383713476
                      • Instruction ID: d83d53012459101f559ef6cc49f3a91dccfc005b7ae775dd4021163879ce01c2
                      • Opcode Fuzzy Hash: 50a37b389b38bfd2c33bf13c071fbd4470ccc688f197907adbd4f70383713476
                      • Instruction Fuzzy Hash: D021B0313152294BDB26272ECC9863D7A97EFD4E14B28407DD506CB396EF29C8429B91
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 15a1815213a8069a0376af76254029d2bb3e3d2f674248271cbb7b72d3dd9d5c
                      • Instruction ID: 2034ed2f48f55092d7f7c3ebd2def99b0d1f5108ce1baf35374401ea3b27f291
                      • Opcode Fuzzy Hash: 15a1815213a8069a0376af76254029d2bb3e3d2f674248271cbb7b72d3dd9d5c
                      • Instruction Fuzzy Hash: B931E471E01248DFDB58DFEAD85069DBBF2EF88300F24C12AD419AB269EB715942CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 695bc28199fb00404499fac9ded0fca80da919631c5b8d26231377ef45e6baa0
                      • Instruction ID: 2ed12043114c5a0aa86b6b933871fa1a13048c65569642f4eb9f76db51fef4d9
                      • Opcode Fuzzy Hash: 695bc28199fb00404499fac9ded0fca80da919631c5b8d26231377ef45e6baa0
                      • Instruction Fuzzy Hash: E531F570D012098FDB04DFA9D8846EEFBB2FF89304F54C569D910AB255DB35A881CF54
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f53e5e693292619ab4e93b856f35de021eba1f48d7dba47cf2f8c8743d58b6e3
                      • Instruction ID: f024861249b527f40625461ae50d7bee2f2d68f81810cf5333506755ae854fda
                      • Opcode Fuzzy Hash: f53e5e693292619ab4e93b856f35de021eba1f48d7dba47cf2f8c8743d58b6e3
                      • Instruction Fuzzy Hash: 4B213631A00112EFCBA9BB2EF89087E7BB2EB452007184425F459DB651CF74DD81C7A2
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6983ac212db2d5ac96e2af5c01f5260c764a60be0dcd570c7194056af623c584
                      • Instruction ID: be26ad798ac2672613dfae677be95554f8a2c060afabca4137966c1795726ab7
                      • Opcode Fuzzy Hash: 6983ac212db2d5ac96e2af5c01f5260c764a60be0dcd570c7194056af623c584
                      • Instruction Fuzzy Hash: 4F316C34B40209DFE724AFB5E4587ED7776EB89725F404029D6026B298CFB81D81CFA6
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101244782.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_142d000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 130d12d15db2a1d8aa8f54a6ebb4bfda2782e085d6f5936bec53fa6d410b06e2
                      • Instruction ID: 2c5f985fc27453a1582586b0f2ec4beffa5d2a6fbfab88cfada96732c3bde4f7
                      • Opcode Fuzzy Hash: 130d12d15db2a1d8aa8f54a6ebb4bfda2782e085d6f5936bec53fa6d410b06e2
                      • Instruction Fuzzy Hash: 8F31497140D3C09FDB078B64C990612BF71AB47214F29C5DBD8888F2A3C27A984ACB62
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 25f5872b622e52f211c31b277030c5e18ff633be9a75dcaebbcfd498082ae99f
                      • Instruction ID: da66d7aa07045805b9299692af003918ffab85845d9f868fa2cb3a830728836d
                      • Opcode Fuzzy Hash: 25f5872b622e52f211c31b277030c5e18ff633be9a75dcaebbcfd498082ae99f
                      • Instruction Fuzzy Hash: 8721B071A001059FCB14DF68C8509BE37A5EB89A64B10C06EDC4A9B380DB38EA06CBD3
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 56eba099a1edb32c04b2289b24a5b5b587f4f68c4407cb1f813c9e28a454b017
                      • Instruction ID: 91770e4a4ecdd20d7a6188b1cf5f2208dc70d6e9212613e58a80f336dc7f3da0
                      • Opcode Fuzzy Hash: 56eba099a1edb32c04b2289b24a5b5b587f4f68c4407cb1f813c9e28a454b017
                      • Instruction Fuzzy Hash: 962105357016128BC7259A6ECC9463AB792FF89A20714407DE907DB354CF34EC028BC0
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101244782.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_142d000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c8308ad526fc850a8b223c8469c95b36a4e4e85bc5d399b4483dc3a0bbf6f965
                      • Instruction ID: 6ada264a7c3b44fb52b1f39685d39bcce7d369ac4066fa04f4ab6046653704e0
                      • Opcode Fuzzy Hash: c8308ad526fc850a8b223c8469c95b36a4e4e85bc5d399b4483dc3a0bbf6f965
                      • Instruction Fuzzy Hash: 9D2167B1900204DFCB05CF58C9C0B26BB61FB88318F60C56EE8094B372C73AD887CA61
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: af737be3fae162b1b41ee29ad9c0692e59db9f28742b4cedb93d781094c1993b
                      • Instruction ID: 28dd7361901223e81517792d9e5751c51aed097318cc52a3f3b3a7fce3b4747e
                      • Opcode Fuzzy Hash: af737be3fae162b1b41ee29ad9c0692e59db9f28742b4cedb93d781094c1993b
                      • Instruction Fuzzy Hash: 4A112B353042946FCB45AF79982467E3FB7FBC9260B184469E905CB395DE348D02C39A
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0eed8c4de3d0799206fd2bbc310e2f778b6261333a25058abb16e2c376d7978a
                      • Instruction ID: 89d34f1c6d0d212fb4c1052114c31616211d619daa1432688af1bcc9731f616d
                      • Opcode Fuzzy Hash: 0eed8c4de3d0799206fd2bbc310e2f778b6261333a25058abb16e2c376d7978a
                      • Instruction Fuzzy Hash: 8D219F72A0511A9FCB15EF68D85477A3BA2EB58B15F108069F8058B355CF38DD52CBA0
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f516fe4a3fa881998696452e28c16b35252cb1e9dadcca405da8c61ac67189e7
                      • Instruction ID: 875d1b6d08711d415769faba179006020953b71e2466b55de10054ecbd7c694a
                      • Opcode Fuzzy Hash: f516fe4a3fa881998696452e28c16b35252cb1e9dadcca405da8c61ac67189e7
                      • Instruction Fuzzy Hash: 4411C4317016129FD7259A6ECCA467A77A2FF85B6172941ADD907DB354CF34EC028BC0
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1a4713b8323d3e4a339e2c331e7303dbaff1208f6d484864281767de807d8943
                      • Instruction ID: 4bb2013978ed8c9b8b4ded7a8bb2db1a49ed6978bf72a5f2948d2a1cac082d7e
                      • Opcode Fuzzy Hash: 1a4713b8323d3e4a339e2c331e7303dbaff1208f6d484864281767de807d8943
                      • Instruction Fuzzy Hash: C311C434305254AFD7145A7E989867BBBEAEBDA250F148877E606C7399CE39CC068360
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2308a61852bc2e40e771fd1ee5998cc2d2aeee91864fe84a9b6218c10260a51e
                      • Instruction ID: 1e564e9c9da08a7e323a9e2f2611826cc7959693a6a577a58dde122a9da13e8c
                      • Opcode Fuzzy Hash: 2308a61852bc2e40e771fd1ee5998cc2d2aeee91864fe84a9b6218c10260a51e
                      • Instruction Fuzzy Hash: DD217234B01209DFE724AFB5E4587ED7776EB89325F408029D5026B298CFB81981CFA5
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 91b2eb6b00e3bd21b0c3c6d1c9609561586540957dd493a003d60fcc41b6c3c5
                      • Instruction ID: 0e634c659d4d6d6687833526167e19e6617dcde36bb10b7e017bd4883482c6f5
                      • Opcode Fuzzy Hash: 91b2eb6b00e3bd21b0c3c6d1c9609561586540957dd493a003d60fcc41b6c3c5
                      • Instruction Fuzzy Hash: 33211570D001099FDB14EFB9D98169EBFF2FB95304F0495BAD014AB329EB785A458B81
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7f398c7a705cf136d04919ee8ca299ed0442eefd4e15524085536e718f78640e
                      • Instruction ID: 6a8c70ba7c93cb0135e8f2dbb1a483bf670f9fbc047c9acc7a6b5f3c1c928400
                      • Opcode Fuzzy Hash: 7f398c7a705cf136d04919ee8ca299ed0442eefd4e15524085536e718f78640e
                      • Instruction Fuzzy Hash: EC1167B2800359EFDB10CF99D844BEEBFF5EB48320F148419EA58A7210C375A550DFA5
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e5a61fa2020ad8efea66955ff3fc6e91600e74161f2a18bb810cf2c5d9dfa4e7
                      • Instruction ID: 790b9e3e47a0a77bbb239924e24d6ab3dad5961298f816abdb2ec393c9b19345
                      • Opcode Fuzzy Hash: e5a61fa2020ad8efea66955ff3fc6e91600e74161f2a18bb810cf2c5d9dfa4e7
                      • Instruction Fuzzy Hash: 03112970D0010A9FDB04EFB9D98069EBFF2FB84304F04D5BAD014AB328EB745A458B81
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0b4c7a7db121af05a9e817ad38bf11292da61fc2b386d75f6a132aae48fe75ee
                      • Instruction ID: 68f8da471a920d684571975f5434a88af6c412aeb2e40b08a085d3e8937f4fca
                      • Opcode Fuzzy Hash: 0b4c7a7db121af05a9e817ad38bf11292da61fc2b386d75f6a132aae48fe75ee
                      • Instruction Fuzzy Hash: DF21E2B4D012098FCB41EFA8D8556EDBBF1FF49300F14816AD809B7264EB345A85CFA2
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 29064059aa2b7d6f58f407933c468b7045e36a58765e3107e51a5de2de578bf3
                      • Instruction ID: 29048523b71c71d2f5c97bbdc61d89ac1fb09590716358bb4b3e3c132be52b33
                      • Opcode Fuzzy Hash: 29064059aa2b7d6f58f407933c468b7045e36a58765e3107e51a5de2de578bf3
                      • Instruction Fuzzy Hash: 2C212774D016098FCB11EFA8D8445EEBFF0FF4A314F2441AAD445B7264EB345A85CBA1
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 13a20debc00d2dc845b0c188f30cda8bc107ca971899b8f3956b6e261bd43df5
                      • Instruction ID: bf5366494c10c640f409276531540f03d16ad719d5f6c1b06752ddb56e80949f
                      • Opcode Fuzzy Hash: 13a20debc00d2dc845b0c188f30cda8bc107ca971899b8f3956b6e261bd43df5
                      • Instruction Fuzzy Hash: 04118BB6800209DFCB10CF99D905BDEBFF5EF48320F14841AE518A7210C375A554DFA4
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 87ecb27ecf0722d413d080c333a043b46c5f6d2ffca405635a2e30f878d1aedc
                      • Instruction ID: 68739b929eaa2357979e74e8f1a263b215e4b8303f39cc0b8b295f622737b206
                      • Opcode Fuzzy Hash: 87ecb27ecf0722d413d080c333a043b46c5f6d2ffca405635a2e30f878d1aedc
                      • Instruction Fuzzy Hash: 5101AD71A002128FC764EFBCE90856E3BF4EF886117110169E84ADB315EB31D841CFD0
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9e04a5af217ac45b506baec9a66eea6204a54ffe47a7b3b3c87701ce35a94c89
                      • Instruction ID: 92ff92f686d81289722ce48a9e0b96d2c72ff732b61b289454bf2fd1257b9db7
                      • Opcode Fuzzy Hash: 9e04a5af217ac45b506baec9a66eea6204a54ffe47a7b3b3c87701ce35a94c89
                      • Instruction Fuzzy Hash: F301F172B050146FDF069E589C106AE3FE7EBE8A50F28802AF506D7294DE75D9028790
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ecbf333f3c00795be197d2b6680cafe4663c0f92df3abde9926aebd982488f4a
                      • Instruction ID: dbdd46a57af201c4ebf6ba6557c97072f3f95b6beacd1cfe9e4e0ddf26a7c871
                      • Opcode Fuzzy Hash: ecbf333f3c00795be197d2b6680cafe4663c0f92df3abde9926aebd982488f4a
                      • Instruction Fuzzy Hash: 8A110974F001499FDB00DFFCE960B9EBBF1EB88325F019465E908EB358EA7499458B51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a8bc4e9d8670dbfafd1d75ce8142e061faf1e13ee539e21688702da35443003e
                      • Instruction ID: b52d39b2fba59e79785dfba47aaa4e8246bf755876efcb12e2063b2fe13bc375
                      • Opcode Fuzzy Hash: a8bc4e9d8670dbfafd1d75ce8142e061faf1e13ee539e21688702da35443003e
                      • Instruction Fuzzy Hash: FC01F670E002199FCF44EFB9D8006EEBBF5AF88604F10856AD519F7250E7789901CB91
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 11efaa0ac0c4c68294041154c7b67cc697c752a006fd02b29bb118b415cccef7
                      • Instruction ID: dd78e071a6429006f77e0af2f52ee05d1bf83b61685fc059e89224ac137d8296
                      • Opcode Fuzzy Hash: 11efaa0ac0c4c68294041154c7b67cc697c752a006fd02b29bb118b415cccef7
                      • Instruction Fuzzy Hash: B1F0E2343041049FD754AB29E845A6A7BFAEFC5620F0540B9F509CF371CE60DC01CBA0
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 355d621e5041ee726db5ae8c6837d8d828f78a9d2e1078453d4ec1d75fe4ff2a
                      • Instruction ID: d3090a1209b082ad6d6b741a8e2d1d89e67b5204e92953776ad847483d6c0a6c
                      • Opcode Fuzzy Hash: 355d621e5041ee726db5ae8c6837d8d828f78a9d2e1078453d4ec1d75fe4ff2a
                      • Instruction Fuzzy Hash: 18F0A7343001009FD758AB2AE85492A77BAEFC4651B1580B9F506CB375DE70DC01C7A0
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d87cf980789ae14142ce11ed8aa9e67da52b6ac676548044027d7ec4ea9bc598
                      • Instruction ID: 7b24adea52b0eb548f1cbbf6e59395f196d2be161b4f1376a926b8e918e4fb08
                      • Opcode Fuzzy Hash: d87cf980789ae14142ce11ed8aa9e67da52b6ac676548044027d7ec4ea9bc598
                      • Instruction Fuzzy Hash: 3AE0686280D140CBD32107E8EC283B53F60DB53262F8444EAD209CA1B5D718C212E761
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 27ae712160ab92cc6d8ebf60217c3b23866ec7676610936b2745120c06b800c6
                      • Instruction ID: 707bf8e284f43ff0ff139e182c504676bc0f373b42056ca2fcf537ced6460279
                      • Opcode Fuzzy Hash: 27ae712160ab92cc6d8ebf60217c3b23866ec7676610936b2745120c06b800c6
                      • Instruction Fuzzy Hash: 5BE09231D2436A5BCB02EBB0DC405DEBB34ED97210B8545A2D0A46B141EB70651AC7B2
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4e415a759b30e785ba76ca5dbd9c502dae0b1503af29485d729a6d42737b85c6
                      • Instruction ID: 3b2234aab30bb7b33d00adfc4fc1806da0b741f666628fbe950c64c7202d1599
                      • Opcode Fuzzy Hash: 4e415a759b30e785ba76ca5dbd9c502dae0b1503af29485d729a6d42737b85c6
                      • Instruction Fuzzy Hash: 94E02631D842049FCB209AA8FC097F933B4EBC7322F469939D704922A0CB7955218AE1
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 628432ef444aa55fc0e88333aa98f54a4d21ac2bf36efe6ec139f3e6bd795b48
                      • Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
                      • Opcode Fuzzy Hash: 628432ef444aa55fc0e88333aa98f54a4d21ac2bf36efe6ec139f3e6bd795b48
                      • Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f88db9857864796876e791b4d32c834cb1ed374199d29120ebc6a7ed6d7c1868
                      • Instruction ID: 48f8a35984c1a848437b6efc3672ba2170532366f111acf154995d8d92f51ccc
                      • Opcode Fuzzy Hash: f88db9857864796876e791b4d32c834cb1ed374199d29120ebc6a7ed6d7c1868
                      • Instruction Fuzzy Hash: E1D0173AB00008DFCF009F88E8408DDF7B6FB98220B108016E911A3220CA319821CB50
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43adf266d6d903e4b096094420f4c3c4a338d827b313504ed23d75ea6a03f9f2
                      • Instruction ID: 1b5969d096d4390b114d299686f669bc4d7087b050bbff554e28b7fec2120e2e
                      • Opcode Fuzzy Hash: 43adf266d6d903e4b096094420f4c3c4a338d827b313504ed23d75ea6a03f9f2
                      • Instruction Fuzzy Hash: D0D02B3000C3460FC712BB38A890650BF39EB81208F5481F1A4440A22FDE7C89958344
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 64a20729f07710320050f3035ad4b8425577f74c2dcf079e29c5713b9ac334a6
                      • Instruction ID: e8f8339575a1320f638f23b07f8f852a14e37c4243abe4959ed230d4b9f54e7b
                      • Opcode Fuzzy Hash: 64a20729f07710320050f3035ad4b8425577f74c2dcf079e29c5713b9ac334a6
                      • Instruction Fuzzy Hash: C2C012305447094FC511FB65E945555772EF6D0204F50C570B4090722FDF7C9C994794
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3b3428296c172d5534c5ca334a102278f0ad5ca26c1f4b7fc3ce970f6d24f3fa
                      • Instruction ID: 89897811b8ba2e8cce4add0897bb0133f14613b92e5fa2995cddc2e8eb2e1c02
                      • Opcode Fuzzy Hash: 3b3428296c172d5534c5ca334a102278f0ad5ca26c1f4b7fc3ce970f6d24f3fa
                      • Instruction Fuzzy Hash: 39C012382062804FCB029B18E929A913BA27788201F288080B08483326CB24B801CB62
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 17c7c9504bd8b89ad55f3af0f85a97a9e1769847bd768fd6ce5a9f5152a38700
                      • Instruction ID: 8534806d910889f56407022f704173ac410fe11729ba68c0e015222ceb03defe
                      • Opcode Fuzzy Hash: 17c7c9504bd8b89ad55f3af0f85a97a9e1769847bd768fd6ce5a9f5152a38700
                      • Instruction Fuzzy Hash: 15C09BF34064505FDB03D614DC6D7C776199F53345F1E01A65040A5352E1155500C690
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: "$Hbq$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q
                      • API String ID: 0-2450740202
                      • Opcode ID: 4572449793448af0d11ee42385748250b0f018d675f0cf2acd2af20ec7a6171f
                      • Instruction ID: aebf546e2c5cbd5d827501f80c693075f9deae96581e5c52cf63a34afa6d6515
                      • Opcode Fuzzy Hash: 4572449793448af0d11ee42385748250b0f018d675f0cf2acd2af20ec7a6171f
                      • Instruction Fuzzy Hash: 0932D274E00218CFDB68DF69D944B9DBBB2FB89300F1081A9D909AB364DB759E85CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: .5vq
                      • API String ID: 0-493797296
                      • Opcode ID: 422056707782fa57240464415c37428a41c04befb602f69f8f24a0486358a219
                      • Instruction ID: 00c558b78994eaecb9e2468905d8699357d9696ff9e1dc688dd9cba1038d2b8c
                      • Opcode Fuzzy Hash: 422056707782fa57240464415c37428a41c04befb602f69f8f24a0486358a219
                      • Instruction Fuzzy Hash: 7C526B74A01229CFDB64DF69C984B9DBBB2BB89300F1085EAD409A7364DB359EC5CF50
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: .5vq
                      • API String ID: 0-493797296
                      • Opcode ID: 2bc7966859d900647da5be7bc9ea6f4ca4ad756b954f9bc202a0e5910a358664
                      • Instruction ID: dfde01f75297489cd59ee4374ce825f8a839057a773f46698a49d87015caf7b2
                      • Opcode Fuzzy Hash: 2bc7966859d900647da5be7bc9ea6f4ca4ad756b954f9bc202a0e5910a358664
                      • Instruction Fuzzy Hash: EA61B474E01259CBDB28DF66D840B9EBBB2FB88300F10C5AAD809A7368DB355D85CF50
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0db5579ea1c11d10a93cc24666dedd7db331a90d7d5600358583e8ef34190c7a
                      • Instruction ID: 5791b4d85fbed25c69be46a24a1a804e6fc0af1dc816443376558245f83acfbf
                      • Opcode Fuzzy Hash: 0db5579ea1c11d10a93cc24666dedd7db331a90d7d5600358583e8ef34190c7a
                      • Instruction Fuzzy Hash: 26728C74E012289FDB64DF69D994BDDBBB2BF88300F1081EA940DAB264DB355E85CF41
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2ca751db5cefdc057a4603ba070b67d9c110b4b3a4c6a74d12b3b167e36190f8
                      • Instruction ID: d9210aac60796df0d49c9a80935291b1129d18437dd101a6ebc6743abab7fdd6
                      • Opcode Fuzzy Hash: 2ca751db5cefdc057a4603ba070b67d9c110b4b3a4c6a74d12b3b167e36190f8
                      • Instruction Fuzzy Hash: 69727C74E012289FDB65DF69D984BDEBBB2BF88300F1081EA940DA7264DB355E85CF41
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: af49ea89cacf095fb74574d671b668b9cd36f3ae486a7c867219dff30d50b2f1
                      • Instruction ID: 92b7a281130e26d392c8800d203c239d52bbb5a75b37d95cdbd700d17fb9ce2e
                      • Opcode Fuzzy Hash: af49ea89cacf095fb74574d671b668b9cd36f3ae486a7c867219dff30d50b2f1
                      • Instruction Fuzzy Hash: 26B1CF74E00218CFDB58DFA9D954B9DBBB2EF89300F2081A9D809AB364DB359D81CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 116a29eba8e3347f0f4355e261161bd07f8e0ea9514ece66e7ea6b3855776142
                      • Instruction ID: 00bea075c32e0281223d35593aa3b7fc39da5a1d148714f38157739dacf73329
                      • Opcode Fuzzy Hash: 116a29eba8e3347f0f4355e261161bd07f8e0ea9514ece66e7ea6b3855776142
                      • Instruction Fuzzy Hash: D3B1A074E00218CFDB58DFA9D954B9DBBB2EF89300F2081A9D809AB364DB359D85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fb5800c5b468b3ed154d4ffcbd6d1f2ce04714c21ab4740b8c6965070b90486b
                      • Instruction ID: ed7e3832ed00b68be4728b063b8b522cf3c150d2763586567e1e39224810e055
                      • Opcode Fuzzy Hash: fb5800c5b468b3ed154d4ffcbd6d1f2ce04714c21ab4740b8c6965070b90486b
                      • Instruction Fuzzy Hash: D9B1CF74E00218CFDB58DFA9D944B9DBBB2EF89300F2081A9D809AB364DB359D81CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e18353ec8a186be5625ed73260236d225e7a5253eea3a4c787f9d8f188054cf7
                      • Instruction ID: e47274b94bf8e4e423c0e25dfc14f5282bc988d65014ab6bc2596cd5b1994059
                      • Opcode Fuzzy Hash: e18353ec8a186be5625ed73260236d225e7a5253eea3a4c787f9d8f188054cf7
                      • Instruction Fuzzy Hash: C0B1C074E00218CFDB58DFA9D954B9DBBB2EF89300F2081A9D809AB364DB359D81CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d36dd86a2492002b4ee9e8c621970ebe371ac165e27ee09fbedc5ecc65e8032d
                      • Instruction ID: 9cc204f6c33f65de3644da70474a2ab0ed6111a940c303e5650132ad79ce5195
                      • Opcode Fuzzy Hash: d36dd86a2492002b4ee9e8c621970ebe371ac165e27ee09fbedc5ecc65e8032d
                      • Instruction Fuzzy Hash: 14B1AF74E00218CFDB58DFA9D954B9DBBB2EF88300F2081A9D809AB365DB359D85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7a9c754a6431d8a6578218a3f2e200be841a19114dfc7283ec84bb0c0f0fcfbe
                      • Instruction ID: 5566d8b483b380a5fde3692f8c66a93ed3c45e744b2091516f0466aec5d26f53
                      • Opcode Fuzzy Hash: 7a9c754a6431d8a6578218a3f2e200be841a19114dfc7283ec84bb0c0f0fcfbe
                      • Instruction Fuzzy Hash: B6B1C074E00218CFDB58DFA9D954B9DBBB2EF88300F2081A9D809AB365DB359D85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ac5ed5194c61b9d7f7fd7e3c1ef1ce58a664e7d307ac1c9a0c62d3249b0fa1f4
                      • Instruction ID: 20850a2c8428d4b2f166d7ab4445731c807e5a62b5f7ca12dbc724d6c362de8d
                      • Opcode Fuzzy Hash: ac5ed5194c61b9d7f7fd7e3c1ef1ce58a664e7d307ac1c9a0c62d3249b0fa1f4
                      • Instruction Fuzzy Hash: 83B1A074E00218CFDB58DFA5D954B9DBBB2EF89300F2081A9D809AB364DB359D85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 57398fb7926b0c05afe24d2963b0ae960c34b6c0a7c384cfd6bc0a86afce3a8f
                      • Instruction ID: 63bf44abe13306de7bec2a476bf02409549ce3abecbdd6621acfba34a88a0614
                      • Opcode Fuzzy Hash: 57398fb7926b0c05afe24d2963b0ae960c34b6c0a7c384cfd6bc0a86afce3a8f
                      • Instruction Fuzzy Hash: 84B1A074E00218CFDB58DFA9D944B9DBBB2EF88300F2081A9D809AB365DB359D85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a98138abb1ed43fe7dbd429d06ac61dcacd924e0d5f393f2efe062dd9116c35
                      • Instruction ID: 5ca64c7468eb6f47d823f96e85ab943e9f6b9e29d85a84464591ff16ee7959b6
                      • Opcode Fuzzy Hash: 8a98138abb1ed43fe7dbd429d06ac61dcacd924e0d5f393f2efe062dd9116c35
                      • Instruction Fuzzy Hash: 69B1AF74E00218CFDB58DFA9D954B9DBBB2EB89300F2081A9D809AB364DB359D85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fd2e1406521582ee28d935d7728f19639f1bd59bf5c1421ce91e7a80b2735bd8
                      • Instruction ID: 2a38e30ea4b4ee2a1efcbda34b4b2a0110310b250a1e720c25ba0cd8ef26bc2e
                      • Opcode Fuzzy Hash: fd2e1406521582ee28d935d7728f19639f1bd59bf5c1421ce91e7a80b2735bd8
                      • Instruction Fuzzy Hash: 5DB1A174E00218CFDB58DFA5D954B9DBBB2FB88300F2081A9D809AB365DB359D85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2c5eac42dd25f69e02aab1823dc06ad87d63717f76d1a3688164d54891a6655b
                      • Instruction ID: a01c4324be5dd7d3a88c90e1d009a583de4f69749afbe78306e0f6ab0a8c83b2
                      • Opcode Fuzzy Hash: 2c5eac42dd25f69e02aab1823dc06ad87d63717f76d1a3688164d54891a6655b
                      • Instruction Fuzzy Hash: 22B1A074E00218CFDB58DFA9D954B9DBBB2EF88300F2081A9D809AB365DB359D85CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 189db844ee21e61ebcdb91c9866f572c4eab2f2fd40fd3d5c6502b2fd7d5dec3
                      • Instruction ID: 9d7c37d9aa8fdf6238a2c43f22b9c434942754c38cf4914a7e2b260925158373
                      • Opcode Fuzzy Hash: 189db844ee21e61ebcdb91c9866f572c4eab2f2fd40fd3d5c6502b2fd7d5dec3
                      • Instruction Fuzzy Hash: 29A1A874E10218CFDB54DFA9D984A9DBBB2FF88300F1081A9D819AB365DB71AD85CF50
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1327a371d212c0aaaf24b1aa60e37df838c86a8d4539b35c7b6e314e97a31748
                      • Instruction ID: 4287362a6718a1aaf31d2ac894f16ed4fdfe501b0c5934195a4927717263e36f
                      • Opcode Fuzzy Hash: 1327a371d212c0aaaf24b1aa60e37df838c86a8d4539b35c7b6e314e97a31748
                      • Instruction Fuzzy Hash: 1D31C670E012489FEB58DFEAD8506DDBBF2AF89300F24D139D418AB259EB709942CF51
                      Memory Dump Source
                      • Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_6d10000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b9fbeb4e6e880c8d3301e8e1a6cd616ed85ffe11eee1cb58cce772ec23899b84
                      • Instruction ID: 64c40c77c2ee95b3fe5fe6347bd06f8e76b692185cc8537357408131121315ce
                      • Opcode Fuzzy Hash: b9fbeb4e6e880c8d3301e8e1a6cd616ed85ffe11eee1cb58cce772ec23899b84
                      • Instruction Fuzzy Hash: 77217471E006589BDB58DFABD84069EBBF6AFC9300F14C12AD418AB268DB705946CB41
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_16c0000_snake-cleaned_reversed.jbxd
                      Similarity
                      • API ID:
                      • String ID: \;^q$\;^q$\;^q$\;^q
                      • API String ID: 0-3001612457
                      • Opcode ID: 07912a806538d046730e64e0d74a38f21e58e089d16599300d9dbe3c4433b85c
                      • Instruction ID: 7b7efb3b46b6c8d0492d4e79ba75a7363b86965ed603d53c2519687b5ae9adf0
                      • Opcode Fuzzy Hash: 07912a806538d046730e64e0d74a38f21e58e089d16599300d9dbe3c4433b85c
                      • Instruction Fuzzy Hash: 5E019E317401158F8B288E2CCE4493977EAEB88EA1325416EE402DB3A1DA31EC42CB80
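The records above are the report's per-function index for two memory regions (016C0000 and 06D10000): each carries an Opcode ID, an Instruction ID and two fuzzy hashes. Several of the 06D10000 records have Instruction Fuzzy Hashes that differ in only a handful of hex digits (compare the records with Opcode IDs af49ea89..., 116a29eb... and fb5800c5...), which is the signal an analyst looks for when hunting repeated function bodies in a dump. The script below is an added example, not part of this report and not Joe Sandbox code: it parses records in this layout and groups them by the number of differing hex digits (nibbles) in the Instruction Fuzzy Hash. That nibble distance is an assumption of this example; Joe Sandbox's own similarity metric is not documented on this page. The embedded sample is four records copied from this report and cut down to the fields the parser reads.

```python
"""Parse Joe Sandbox 'Memory Dump Source' function records and group functions whose
Instruction Fuzzy Hashes are near-identical. Added example; not Joe Sandbox code."""
import re
from itertools import combinations

# Constructed sample: four records copied from this report, cut down to the fields the
# parser reads. Three come from the 06D10000 region, one from 016C0000.
SAMPLE = r"""
Memory Dump Source
• Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
• String ID:
• Opcode ID: af49ea89cacf095fb74574d671b668b9cd36f3ae486a7c867219dff30d50b2f1
• Instruction Fuzzy Hash: 26B1CF74E00218CFDB58DFA9D954B9DBBB2EF89300F2081A9D809AB364DB359D81CF51
Memory Dump Source
• Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
• String ID:
• Opcode ID: 116a29eba8e3347f0f4355e261161bd07f8e0ea9514ece66e7ea6b3855776142
• Instruction Fuzzy Hash: D3B1A074E00218CFDB58DFA9D954B9DBBB2EF89300F2081A9D809AB364DB359D85CF51
Memory Dump Source
• Source File: 00000000.00000002.4103219790.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
• String ID:
• Opcode ID: fb5800c5b468b3ed154d4ffcbd6d1f2ce04714c21ab4740b8c6965070b90486b
• Instruction Fuzzy Hash: D9B1CF74E00218CFDB58DFA9D944B9DBBB2EF89300F2081A9D809AB364DB359D81CF51
Memory Dump Source
• Source File: 00000000.00000002.4101400775.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false
• String ID: \;^q$\;^q$\;^q$\;^q
• Opcode ID: 07912a806538d046730e64e0d74a38f21e58e089d16599300d9dbe3c4433b85c
• Instruction Fuzzy Hash: 5E019E317401158F8B288E2CCE4493977EAEB88EA1325416EE402DB3A1DA31EC42CB80
"""

# A field line is a bullet, a key up to the first colon, then the value (possibly empty).
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")


def parse_records(text):
    """Split report text into one dict per 'Memory Dump Source' record."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            cur = {}
            records.append(cur)
            continue
        if cur is None:
            continue  # text before the first record header
        m = FIELD_RE.match(line)
        if m:
            cur[m.group("key").strip()] = m.group("val").strip()
    return records


def region_of(record):
    """Return the 'Offset: XXXXXXXX' region base named in the Source File field."""
    m = re.search(r"Offset:\s*([0-9A-Fa-f]+)", record.get("Source File", ""))
    return m.group(1).upper() if m else None


def nibble_distance(a, b):
    """Count hex-digit positions at which two equal-length hashes differ.
    This is the heuristic assumed by this example, not Joe Sandbox's metric."""
    if len(a) != len(b):
        raise ValueError("fuzzy hashes differ in length; refusing to compare")
    return sum(x != y for x, y in zip(a.upper(), b.upper()))


def group_near_duplicates(records, max_distance=8):
    """Union-find grouping: records whose Instruction Fuzzy Hashes lie within
    max_distance nibbles share a group. Returns lists of Opcode IDs, largest first."""
    ids = [r["Opcode ID"] for r in records]
    parent = {i: i for i in ids}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for r1, r2 in combinations(records, 2):
        if nibble_distance(r1["Instruction Fuzzy Hash"], r2["Instruction Fuzzy Hash"]) <= max_distance:
            parent[find(r1["Opcode ID"])] = find(r2["Opcode ID"])
    groups = {}
    for i in ids:
        groups.setdefault(find(i), []).append(i)
    return sorted(groups.values(), key=len, reverse=True)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for g in group_near_duplicates(recs):
        regions = {region_of(r) for r in recs if r["Opcode ID"] in g}
        print(f"group of {len(g)} function(s) in region(s) {sorted(regions)}:")
        for opcode_id in g:
            print("   ", opcode_id[:16] + "...")
```

With the threshold at 8 nibbles the three 06D10000 records fall into one group and the 016C0000 record stands alone. A tight threshold like this is only meaningful between hashes of the same length, so the script raises on a length mismatch instead of silently truncating. For exact-match lookups use the Opcode ID or Instruction ID, which the report already gives as full-length digests; the fuzzy hash is for near-duplicate detection only, and which of the grouped functions do what still has to come from the disassembly itself.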